GHSA-v65g-f3cj-fjp4

Suggest an improvement
Source
https://github.com/advisories/GHSA-v65g-f3cj-fjp4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-v65g-f3cj-fjp4/GHSA-v65g-f3cj-fjp4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v65g-f3cj-fjp4
Aliases
Published
2022-08-23T00:00:13Z
Modified
2025-02-14T05:28:49.818703Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Regular expression denial of service in eth-account
Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encodestructureddata method

Database specific 
{
    "github_reviewed": true,
    "nvd_published_at": "2022-08-22T19:15:00Z",
    "cwe_ids": [
        "CWE-1333",
        "CWE-697"
    ],
    "github_reviewed_at": "2022-08-30T20:20:59Z",
    "severity": "MODERATE"
}
References

Affected packages

PyPI / eth-account

Package

Name
eth-account
View open source insights on deps.dev
Purl
pkg:pypi/eth-account

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.9

Affected versions

0.*
0.1.0a1
0.1.0a2
0.2.0a0
0.2.0
0.2.1
0.2.2
0.2.3
0.3.0
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-v65g-f3cj-fjp4/GHSA-v65g-f3cj-fjp4.json"