CVE-2022-42966

Inefficient Regular Expression Complexity in pypi/cleo

Identifiers

CVE-2022-42966

Package Slug

pypi/cleo

Vulnerability

Inefficient Regular Expression Complexity

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package when an attacker is able to supply arbitrary input to the Table.set_rows method.

Affected Versions

All versions before 1.0.0

Solution

Upgrade to version 1.0.0 or above.

Last Modified

2022-11-13
