PYSEC-2022-43178

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/cleo/PYSEC-2022-43178.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-43178

Aliases

Published

2022-11-09T20:15:10Z

Modified

2025-04-09T17:59:34.523512Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

References

https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/

Affected packages

PyPI / cleo

Package

Name: cleo; View open source insights on deps.dev
Purl: pkg:pypi/cleo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0

Affected versions

0.*

0.2.0

0.2.1

0.3.0

0.4.0

0.4.1

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4b1

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.8.0

0.8.1

1.*

1.0.0a1

1.0.0a2

1.0.0a3

1.0.0a4

1.0.0a5

1.0.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/cleo/PYSEC-2022-43178.yaml"