Advisories for Pypi/Mako package

2022

Inefficient Regular Expression Complexity

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-2480 Python-Mako (prior v0.3.4): Improper escaping of single quotes in escape.cgi (XSS)