CVE-2022-42966

Source
https://cve.org/CVERecord?id=CVE-2022-42966
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42966.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-42966
Aliases
Downstream
Published
2022-11-09T00:00:00Z
Modified
2026-07-15T01:49:02.119577772Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Exponential ReDoS in cleo leads to denial of service
Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

Database specific
{
    "cwe_ids": [
        "CWE-1333"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/42xxx/CVE-2022-42966.json",
    "cna_assigner": "JFROG",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "1.0.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/python-poetry/cleo

Affected ranges

Type
GIT
Repo
https://github.com/python-poetry/cleo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:python-poetry:cleo:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

0.*
0.5.0
0.6.0
0.6.1
0.6.2
0.6.4
0.6.6
0.6.7
0.6.8
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.8.0
1.*
1.0.0
1.0.0a5
v0.*
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42966.json"