PYSEC-2019-167

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/colander/PYSEC-2019-167.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2019-167

Aliases

CVE-2017-18361
GHSA-rv95-4wxj-6fqq

Published

2019-02-01T09:29:00Z

Modified

2023-11-08T03:59:16.040712Z

Summary

[none]

Details

In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.

References

https://github.com/Pylons/colander/pull/323
https://github.com/Pylons/colander/issues/290
https://github.com/advisories/GHSA-rv95-4wxj-6fqq

Affected packages

PyPI / colander

Package

Name: colander; View open source insights on deps.dev
Purl: pkg:pypi/colander

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.0

Affected versions

0.*

0.1

0.2

0.3

0.4

0.5

0.5.1

0.5.2

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.7.3

0.8

0.9

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

1.*

1.0a1

1.0a2

1.0a3

1.0a4

1.0a5

1.0b1

1.0

1.1

1.2

1.3

1.3.1

1.3.2

1.3.3

1.4

1.5

1.5.1

1.6.0