CVE-2022-39280: ReDoS issue in dparse
dparse versions prior to 0.5.1 contain a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
All users parsing index server URLs with dparse are impacted by this vulnerability.
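As an added illustration (this is not code from dparse or from the advisory), the Python below shows the regex shape behind ReDoS next to a linear-time parse of an index server URL, and a check that flags dparse versions below the 0.5.1 fix boundary stated above. The regex, the sample URLs, the hostile input and the function names are all constructed for this example; the pattern is a textbook nested-quantifier shape, not the actual expression that shipped in dparse.

```python
"""Added example, not dparse's own code: the regex below is a constructed
ReDoS-prone shape, not the pattern that shipped in dparse."""
import re
import time
from urllib.parse import urlsplit

# Constructed pattern: a quantified group nested inside another quantified
# group ((?:[\w.-]+)+) lets the engine try exponentially many ways to split a
# host name before giving up on a trailing character that can never match.
# This is the classic ReDoS shape, NOT dparse's actual index-URL regex.
BACKTRACKING_URL_RE = re.compile(r"^(?:https?://)?(?:[\w.-]+)+(?::\d+)?(?:/\S*)?$")

# Fixed release stated in the advisory: versions prior to 0.5.1 are affected.
FIXED_VERSION = (0, 5, 1)


def regex_match_seconds(pattern: re.Pattern, text: str) -> float:
    """Wall-clock cost of one match attempt, used only to show the blow-up."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


def parse_index_url(url: str) -> dict:
    """Linear-time parse of an index server URL with urllib instead of a
    backtracking regex. Rejects anything that is not an http(s) URL with a host."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a valid index URL: {url!r}")
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port,          # None when no explicit port is given
        "path": parts.path or "/",
    }


def is_affected(version: str) -> bool:
    """True when a dparse version string is older than the fixed release."""
    numeric = []
    for piece in version.split(".")[:3]:
        digits = re.match(r"\d+", piece)      # tolerate suffixes such as '1rc1'
        numeric.append(int(digits.group()) if digits else 0)
    return tuple(numeric) < FIXED_VERSION


if __name__ == "__main__":
    # Each extra 'a' roughly doubles the time the backtracking regex spends
    # before failing on the trailing '!', while urlsplit stays flat.
    for n in (12, 16, 20):
        hostile = "a" * n + "!"          # constructed hostile input
        print(f"n={n:2d}  regex: {regex_match_seconds(BACKTRACKING_URL_RE, hostile):.4f}s")
    print(parse_index_url("https://pypi.org/simple/"))   # constructed sample URL
    for v in ("0.5.0", "0.5.1", "0.6.0"):
        print(v, "affected" if is_affected(v) else "fixed")
```

Running the module directly prints the growing match time for the hostile input; the point for a defender is that a URL validator built on `urlsplit` (or any parser without nested quantifiers) costs the same for every input length, so upgrading to a fixed dparse release and avoiding backtracking patterns on attacker-controlled strings are the two mitigations that matter.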
References
- github.com/advisories/GHSA-8fg9-p83m-x5pq
- github.com/pypa/advisory-database/tree/main/vulns/dparse/PYSEC-2022-301.yaml
- github.com/pyupio/dparse
- github.com/pyupio/dparse/commit/8c990170bbd6c0cf212f1151e9025486556062d5
- github.com/pyupio/dparse/commit/d87364f9db9ab916451b1b036cfeb039e726e614
- github.com/pyupio/dparse/security/advisories/GHSA-8fg9-p83m-x5pq
- nvd.nist.gov/vuln/detail/CVE-2022-39280
- owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
Detect and mitigate CVE-2022-39280 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.