CVE-2022-42969

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-42969
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42969.json
Aliases
Withdrawn
2024-05-07T20:22:36Z
Published
2022-10-16T06:15:09Z
Modified
2024-05-17T08:00:33.962631Z
Summary
[none]
Details

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.

References

Affected packages

Git / github.com/pytest-dev/py

Affected ranges

Type
GIT
Repo
https://github.com/pytest-dev/py
Events
Introduced
0The exact introduced commit is unknown
Last affected

Affected versions

1.*

1.0.0
1.0.0b3
1.0.0b6
1.0.0b8
1.0.0b9
1.0.1
1.0.2
1.1.0
1.1.1
1.10.0
1.11.0
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.20
1.4.21
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.4
1.4.6
1.4.7
1.4.9
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0