This repository has been archived by the owner on May 22, 2024. It is now read-only.

[Snyk:High] Django Regular Expression Denial of Service (ReDoS)(due by 08/17/2023) #773

Closed
2 tasks done
pkfec opened this issue Jul 6, 2023 · 1 comment
Labels: Security: general (General security concern or issue), Security: high (Remediate within 30 days)

Comments


pkfec commented Jul 6, 2023

Overview

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the EmailValidator and URLValidator classes, when processing a very large number of domain name labels on emails or URLs.

https://app.snyk.io/org/fecgov/project/5e01de94-91bc-43d8-90b1-8843384b4b26#issue-SNYK-PYTHON-DJANGO-5750790

Detailed path:

django@3.2.19, django-haystack@3.1.1 and others

Completion criteria:

  • Pin django to version 3.2.20 or 4.1.10 or 4.2.3.
  • Parser functionality works.
@pkfec pkfec added Security: high Remediate within 30 days Security: general General security concern or issue labels Jul 6, 2023
@pkfec pkfec added this to the Sprint 22.2 milestone Jul 6, 2023
@pkfec pkfec mentioned this issue Jul 26, 2023
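A remediation check for the completion criteria above, as an added example that is not part of this issue or the fecgov project: it reads a requirements file (a constructed sample is embedded) and reports whether django is pinned with `==` to a release at or above the fixed version of its series (3.2.20, 4.1.10, 4.2.3 as listed in the issue); series newer than 4.2 are accepted when they are above 4.2.3, and anything else, including an unpinned django, is reported as not remediated.

```python
# Added example (not from the issue or the project): check a requirements
# file for a Django pin that still predates the fixed releases.
import re
from typing import Optional, Tuple

# Minimum fixed release per series, taken from the issue's completion criteria.
FIXED_DJANGO = {
    (3, 2): (3, 2, 20),
    (4, 1): (4, 1, 10),
    (4, 2): (4, 2, 3),
}
NEWEST_FIXED = max(FIXED_DJANGO.values())  # any later series already carries the fix

# Matches "django==X.Y[.Z]" (case-insensitive, optional extras, optional comment).
PIN_RE = re.compile(
    r"^\s*django(?:\[[^\]]*\])?\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:#.*)?$",
    re.IGNORECASE,
)


def parse_django_pin(requirements_text: str) -> Optional[Tuple[int, int, int]]:
    """Return the django '==' pin as (major, minor, patch), or None if absent.
    A missing patch component is treated as 0 (e.g. 'django==5.0' -> (5, 0, 0))."""
    for line in requirements_text.splitlines():
        m = PIN_RE.match(line)
        if m:
            return tuple(int(x) if x else 0 for x in m.groups())  # type: ignore[return-value]
    return None


def django_pin_is_fixed(requirements_text: str) -> bool:
    """True only when django is pinned to a release at or above the fix for its series.
    Unpinned or range-specified django is reported as not remediated, since a
    resolver could still select a vulnerable release."""
    pin = parse_django_pin(requirements_text)
    if pin is None:
        return False
    fixed = FIXED_DJANGO.get(pin[:2])
    if fixed is not None:
        return pin >= fixed
    # Series not named in the issue (e.g. 4.0.x, 5.x): fixed only if newer than 4.2.3.
    return pin >= NEWEST_FIXED


if __name__ == "__main__":
    # Constructed sample mirroring the "detailed path" in the issue.
    SAMPLE = "django==3.2.19\ndjango-haystack==3.1.1\n"
    print("pin:", parse_django_pin(SAMPLE), "remediated:", django_pin_is_fixed(SAMPLE))
```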

pkfec commented Aug 1, 2023

PR #776 merged. Hence closing this issue.

@pkfec pkfec closed this as completed Aug 1, 2023