CVE-2022-1930

Name of the Vulnerable Software and Affected Versions eth-account (affected versions not specified)

Description The issue is related to an exponential ReDoS (Regular Expression Denial of Service) that can be triggered in the eth-account PyPI package. This occurs when an attacker is able to supply arbitrary input to the encode structured data method, potentially allowing a remote attacker to cause a denial of service. The vulnerability is associated with incorrect input data used as a condition for executing a cycle.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.