OESA-2023-1683

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1683
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1683.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2023-1683
Upstream
Published
2023-09-28T11:06:01Z
Modified
2025-09-03T06:18:26.396725Z
Summary
python-mako security update
Details

Python-mako is a template library for Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Mako's syntax and API borrow from the best ideas of many others, including Django templates, Cheetah, Myghty, and Genshi.

Security Fix(es):

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. (CVE-2022-40023)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP3 / python-mako

Package

Name
python-mako
Purl
pkg:rpm/openEuler/python-mako&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.6-14.oe1

Ecosystem specific

{
    "noarch": [
        "python3-mako-1.0.6-14.oe1.noarch.rpm",
        "python-mako-help-1.0.6-14.oe1.noarch.rpm",
        "python2-mako-1.0.6-14.oe1.noarch.rpm"
    ],
    "src": [
        "python-mako-1.0.6-14.oe1.src.rpm"
    ]
}