GHSA-c33w-24p9-8m24

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json
Aliases
  • CVE-2023-26112
Published
2023-04-03T06:30:19Z
Modified
2023-04-11T01:48:23.947967Z
Details

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using the regular expression (.+?)\((.*)\). Note: This is only exploitable when a developer puts the offending value in a server-side configuration file.

References

Affected packages

PyPI / configobj

Source Details

Package Name
configobj

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
The exact introduced commit is unknown
Last affected
5.0.8

Affected versions

4.*

4.4.0
4.5.0
4.5.1
4.5.2
4.5.3
4.6.0
4.7.0
4.7.1
4.7.2

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8