PyPI · dparse · CVE-2022-39280
**Name of the Vulnerable Software and Affected Versions**
dparse versions prior to 0.5.2
**Description**
dparse is a parser for Python dependency files. The issue concerns a regular expression that is vulnerable to a Regular Expression Denial of Service (ReDoS). All users parsing index server URLs with dparse are impacted by this issue.
**Recommendations**
For versions prior to 0.5.2, upgrade to version 0.5.2 as soon as possible.
For users unable to upgrade, avoid passing index server URLs in the source file to be parsed.
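
The workaround above, as an added example (not code from dparse or from this advisory): a pre-check that reports whether the installed dparse predates 0.5.2 and strips index-server option lines from requirements text before it is handed to the parser. It assumes the index server URLs arrive through pip's `-i`, `--index-url` and `--extra-index-url` options, one per physical line; the function names and the sample file are constructed for illustration.

```python
from importlib import metadata
from itertools import takewhile

FIXED = (0, 5, 2)  # first fixed dparse release, per the advisory
# pip requirements-file options that carry an index server URL (assumed scope
# of the workaround). Plain prefix checks: the filter itself uses no regex.
INDEX_PREFIXES = ("-i", "--index-url", "--extra-index-url")

# Constructed sample input; the hosts are placeholders.
SAMPLE = """\
# constructed sample requirements file
--index-url https://pypi.example.invalid/simple
  -i https://mirror.example.invalid/simple
--extra-index-url=https://extra.example.invalid/simple
requests==2.28.1
idna>=3.0
"""

def parse_version(version):
    """Leading numeric release components: '0.5.1' -> (0, 5, 1)."""
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(takewhile(str.isdecimal, piece))
        if not digits:
            break
        parts.append(int(digits))
        if digits != piece:  # stop at a pre-release or local suffix
            break
    return tuple(parts)

def is_affected(version):
    """True when the version is earlier than 0.5.2 (suffixes are ignored)."""
    release = parse_version(version)
    return release + (0,) * (3 - len(release)) < FIXED

def installed_dparse_affected():
    """True/False for the installed dparse, None when it is not installed."""
    try:
        return is_affected(metadata.version("dparse"))
    except metadata.PackageNotFoundError:
        return None

def split_index_lines(text):
    """Return (text without index-option lines, [(line_no, line), ...])."""
    kept, flagged = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(INDEX_PREFIXES):
            flagged.append((line_no, line))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", flagged
```

Files pulled in through `-r` includes are not followed, so each file passed to the parser needs the same filtering.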