PT-2022-24866 · Pypi · Dparse

Yeisonvargasf · Published 2022-09-27 · Updated 2023-07-12 · CVE-2022-39280

CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: dparse versions prior to 0.5.2

Description: dparse is a parser for Python dependency files. The issue concerns a regular expression, used when parsing index server URLs, that is vulnerable to Regular Expression Denial of Service (ReDoS). All users parsing index server URLs with dparse are impacted by this issue.

Recommendations: For versions prior to 0.5.2, upgrade to version 0.5.2 as soon as possible. For users unable to upgrade, avoid passing index server URLs in the source file to be parsed.
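The workaround above (keep index server URLs out of the file handed to an unpatched dparse) can be enforced mechanically. The following is an added example, not dparse's own code: it reads the installed dparse version, and only when that version is older than 0.5.2 strips the pip options that carry an index server URL (`-i`/`--index-url`, `--extra-index-url`) from the requirements text before it is parsed. The sample requirements content and the host names in it are constructed; the `dparse_version` parameter exists so the guard can be exercised without dparse installed.

```python
"""Pre-parse guard for the dparse ReDoS (CVE-2022-39280).

Added example, not part of dparse. The option names are pip's real
index-server options; the sample requirements below are constructed.
"""
import re
from importlib import metadata

# dparse 0.5.2 is the first fixed release (from the advisory)
FIXED_VERSION = (0, 5, 2)

# Matches "-i URL", "--index-url URL", "--index-url=URL" and the
# --extra-index-url forms; the option must start the line or follow whitespace.
INDEX_OPTION_RE = re.compile(
    r"(?:^|\s)(?:-i|--index-url|--extra-index-url)(?:\s+|=)(\S+)"
)

# Constructed sample: two dependency lines and two index-server options.
SAMPLE_REQUIREMENTS = (
    "requests==2.28.1\n"
    "-i https://pypi.example.test/simple\n"
    "--extra-index-url=https://mirror.example.test/simple\n"
    "django>=4.0  # comment\n"
)


def parse_version(text):
    """Turn '0.5.1' or '0.6.0b1' into a comparable tuple of leading integers."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def installed_dparse_version():
    """Version string of the installed dparse, or None if it is not installed."""
    try:
        return metadata.version("dparse")
    except metadata.PackageNotFoundError:
        return None


def strip_index_urls(content):
    """Drop every line that carries an index-server URL option.

    Returns (sanitized_content, removed_lines) so the caller can log what
    was withheld from the parser.
    """
    kept, removed = [], []
    for line in content.splitlines():
        if INDEX_OPTION_RE.search(line):
            removed.append(line)
        else:
            kept.append(line)
    trailer = "\n" if content.endswith("\n") else ""
    return "\n".join(kept) + trailer, removed


def guard_requirements(content, dparse_version=None):
    """Return (content_to_parse, removed_lines).

    Index-server lines are removed only when the dparse that will parse the
    content is older than 0.5.2; a fixed dparse receives the file unchanged.
    """
    version = dparse_version or installed_dparse_version()
    if version is None or parse_version(version) >= FIXED_VERSION:
        return content, []
    return strip_index_urls(content)


if __name__ == "__main__":
    safe, dropped = guard_requirements(SAMPLE_REQUIREMENTS, dparse_version="0.5.1")
    for line in dropped:
        print("withheld from vulnerable dparse:", line)
    print(safe)
```

In a real pipeline the sanitized text, not the original file, is what gets passed to `dparse.parse`; the `removed` list is worth logging, since silently dropping index options changes where packages would be resolved from.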

Tags: Exploit · Fix · Resource Exhaustion · DoS

Weakness Enumeration

Related Identifiers

CVE-2022-39280
GHSA-8FG9-P83M-X5PQ
PYSEC-2022-301

Affected Products

Dparse