CVE-2017-18361: Pylons Colander Denial of Service vulnerability
In Pylons Colander through 1.6, the URL validator (`colander.url`) is a regular-expression check whose pattern backtracks catastrophically on crafted input: a URL containing an unclosed parenthesis keeps the regex engine busy for effectively unbounded time (the advisory text describes this as an infinite loop), so an attacker who can submit a URL-validated field can cause a denial of service. The problem is tracked in Pylons/colander issue 290 and fixed by pull request 323 (commit 98805557); upgrade to a release that includes that commit (1.7.0 or later).
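The following is an added example, not code from the colander project. It shows the class of bug behind the advisory: a regex-only URL validator whose nested quantifiers (a repeated group whose first alternative is itself a repetition) make rejection time double with every extra character once the input ends in an unclosed parenthesis, next to a validator that parses the URL structurally and only runs a bounded regex per hostname label. The "vulnerable" pattern is a simplified stand-in with the same shape as the pre-fix pattern, not a copy of it; `MAX_URL_LEN`, `ALLOWED_SCHEMES` and the IPv6 handling are assumptions made for the example.

```python
"""CVE-2017-18361 style ReDoS: nested-quantifier URL regex vs. a linear-time check.

Added example; not code from the colander project. VULNERABLE_URL_RE is a
simplified stand-in with the same nested-quantifier shape as the affected
pattern, not the project's actual regex.
"""
import re
import time
from urllib.parse import urlsplit

# Repeated group whose first alternative is itself a repetition of the same
# class. When the trailing "$" (or a closing ")") cannot be satisfied, the
# engine retries every way of splitting the run of ordinary characters between
# iterations of the outer "+": 2^(n-1) partitions for n characters.
VULNERABLE_URL_RE = re.compile(
    r"^https?://"
    r"(?:[^\s()<>]+|\([^\s()<>]*\))+$"
)


def vulnerable_match(value: str) -> bool:
    """Regex-only validator in the style of the affected code (stand-in)."""
    return VULNERABLE_URL_RE.match(value) is not None


def time_vulnerable(n: int) -> float:
    """Seconds spent rejecting a URL whose path is n chars plus an unclosed '('."""
    payload = "http://x/" + "a" * n + "("   # constructed trigger input
    start = time.perf_counter()
    vulnerable_match(payload)
    return time.perf_counter() - start


MAX_URL_LEN = 2048                                   # assumption: cap before any regex runs
ALLOWED_SCHEMES = {"http", "https", "ftp", "ftps"}   # assumption: what the field may hold
# One DNS label: alphanumeric, hyphen only in the middle, at most 63 chars.
# A bounded repetition over a flat character class cannot backtrack exponentially.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def safe_url(value: str) -> bool:
    """Linear-time URL check: length cap, structural parse, bounded regex per label."""
    if len(value) > MAX_URL_LEN:
        return False
    try:
        parts = urlsplit(value)
        parts.port                  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    host = parts.hostname.rstrip(".")
    if len(host) > 253:
        return False
    # IPv6 literals are rejected here by design (assumption); extend if needed.
    return all(LABEL_RE.match(label) for label in host.split("."))


if __name__ == "__main__":
    # Each step adds two characters and roughly quadruples the rejection time.
    for n in (8, 10, 12, 14, 16):
        print(f"n={n:2d}  vulnerable regex: {time_vulnerable(n):.3f}s")
    big = "http://example.com/" + "a" * 2000 + "("   # same trigger, much longer
    start = time.perf_counter()
    print("safe_url on 2000-char path with unclosed '(':", safe_url(big),
          f"in {time.perf_counter() - start:.6f}s")
```

Python's `re` has no backtracking step limit, so the length cap is worth keeping even in front of a pattern you believe is linear: it bounds the damage if a later edit reintroduces a nested quantifier. The structural parse also rejects inputs a URL regex tends to wave through, such as a `javascript:` scheme or an out-of-range port.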
References
- github.com/Pylons/colander
- github.com/Pylons/colander/commit/98805557c10ab5ff3016ed09aa2d48c49b9df40b
- github.com/Pylons/colander/issues/290
- github.com/Pylons/colander/pull/323
- github.com/advisories/GHSA-rv95-4wxj-6fqq
- github.com/pypa/advisory-database/tree/main/vulns/colander/PYSEC-2019-167.yaml
- nvd.nist.gov/vuln/detail/CVE-2017-18361