Published: 16/10/2022 Updated: 17/05/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

The py library up to and including 1.11.0 for Python allows remote malicious users to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pytest py

Poetry plugin for checking vulnerabilities in dependencies 🚀

Poetry Audit Plugin Poetry plugin for checking security vulnerabilities in dependencies based on safety $ poetry audit Scanning 19 packages • ansible-runner installed 112 affected <131 CVE PVE-2021-36995 • ansible-tower-cli installed 318 affected <320 CVE CVE-2020-1733 • jinja2 installed 20 affected &am

CWE-1333 https://pypi.org/project/py https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316 https://github.com/pytest-dev/py/issues/287 https://news.ycombinator.com/item?id=34163710 https://nvd.nist.gov https://github.com/opeco17/poetry-audit-plugin

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-42969

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect