Skip to content

ReDoS issue

Low
yeisonvargasf published GHSA-8fg9-p83m-x5pq Sep 24, 2022

Package

pip dparse (pip)

Affected versions

<0.5.1

Patched versions

>=0.5.2

Description

Impact

dparse in versions <0.5.1 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).

All the users parsing index server URLs with dparse are impacted by this vulnerability.

Patches

The Patch is applied in the 0.5.2 version, all the users have to upgrade to 0.5.2 as soon as possible.

Workarounds

Avoid passing index server URLs in the source file to be parsed.

References

https://github.com/pyupio/dparse/tree/security/remove-intensive-regex

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2022-39280

Weaknesses

No CWEs