PYSEC-2020-92
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/py/PYSEC-2020-92.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2020-92
- Aliases
- Published
- 2020-12-09T07:15:00Z
- Modified
- 2023-11-08T04:03:31.657020Z
- Summary
- [none]
- Details
-
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
- References
-
- https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144
- https://github.com/pytest-dev/py/issues/256
- https://github.com/pytest-dev/py/pull/257
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/
- https://github.com/advisories/GHSA-hj5v-574p-mj7c
Affected packages
PyPI / py
Package
- Name
- py
- View open source insights on deps.dev
- Purl
- pkg:pypi/py
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.0
Affected versions
0.*
0.8.0-alpha2
0.9.0
0.9.1
0.9.2
1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7.dev3
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.32.dev1
1.4.32
1.4.33
1.4.34
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0