Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
References
Link | Resource |
---|---|
https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21 | Exploit Third Party Advisory |
https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c | Patch |
https://github.com/sqlalchemy/mako/issues/366 | Issue Tracking Patch |
https://lists.debian.org/debian-lts-announce/2022/09/msg00026.html | Mailing List Third Party Advisory |
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ | Exploit Third Party Advisory |
https://pyup.io/vulnerabilities/CVE-2022-40023/50870/ | Third Party Advisory |
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1333 |
01 Mar 2023, 02:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
10 Sep 2022, 02:13
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:sqlalchemy:mako:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/sqlalchemy/mako/issues/366 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://pyup.io/vulnerabilities/CVE-2022-40023/50870/ - Third Party Advisory | |
References | (MISC) https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c - Patch, Third Party Advisory | |
References | (MISC) https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21 - Exploit, Third Party Advisory |
07 Sep 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-07 13:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-40023
Mitre link : CVE-2022-40023
CVE.ORG link : CVE-2022-40023
JSON object : View
Products Affected
debian
- debian_linux
sqlalchemy
- mako
CWE
CWE-1333
Inefficient Regular Expression Complexity