GHSA-hj5v-574p-mj7c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hj5v-574p-mj7c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-hj5v-574p-mj7c/GHSA-hj5v-574p-mj7c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hj5v-574p-mj7c
- Aliases
- Published
- 2021-04-20T16:39:57Z
- Modified
- 2024-10-21T21:24:40.526724Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- py vulnerable to Regular Expression Denial of Service
- Details
-
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
- Database specific
{ "nvd_published_at": "2020-12-09T07:15:00Z", "severity": "HIGH", "github_reviewed_at": "2021-04-09T21:17:48Z", "github_reviewed": true, "cwe_ids": [ "CWE-400" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-29651
- https://github.com/pytest-dev/py/issues/256
- https://github.com/pytest-dev/py/pull/257
- https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144
- https://github.com/advisories/GHSA-hj5v-574p-mj7c
- https://github.com/pypa/advisory-database/tree/main/vulns/py/PYSEC-2020-92.yaml
- https://github.com/pytest-dev/py
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR
- https://www.oracle.com/security-alerts/cpujul2022.html
Affected packages
PyPI / py
Package
- Name
- py
- View open source insights on deps.dev
- Purl
- pkg:pypi/py
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.0
Affected versions
0.*
0.8.0-alpha2
0.9.0
0.9.1
0.9.2
1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7.dev3
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.32.dev1
1.4.32
1.4.33
1.4.34
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0