CVE-2022-40023

Published: 07/09/2022 Updated: 08/08/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Sqlalchemy mako prior to 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

Vulnerable Product

sqlalchemy mako

debian debian linux 10.0

Vendor Advisories

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin (CVE-2022-40023) ...
Synopsis: Moderate: Red Hat OpenShift Data Foundation 4.12.3 Security and Bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update ...
Synopsis: Moderate: python-mako security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-mako is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as hav ...
Synopsis: Moderate: python-mako security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-mako is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as hav ...
Synopsis: Moderate: Red Hat OpenShift Data Foundation 4.11.9 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.9 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update ...
Synopsis: Moderate: Red Hat OpenShift Data Foundation 4.12.4 security and Bug Fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.4 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update ...
Synopsis: Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat ...
Synopsis: Important: OpenShift Container Platform 4.13.2 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.13.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Description: The MITRE CVE dictionary describes this issue as: Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin ...

Github Repositories

This tool is used for backdoor, shellcode generation, information retrieval and POC arrangement for various architecture devices

hackebds (Chinese readme). Foreword: In the process of penetration and vulnerability mining of embedded devices, many problems have been encountered. One is that some devices do not have telnetd or ssh services to obtain an interactive shell. Some devices are protected by firewall and cannot be connected to it in the forward direction. Reverse_shell is required, and the other