FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-dparse -- REDoS vulnerability

Affected packages
py310-dparse < 0.5.2
py311-dparse < 0.5.2
py37-dparse < 0.5.2
py38-dparse < 0.5.2
py39-dparse < 0.5.2

Details

VuXML ID 83b29e3f-886f-439f-b9a8-72e014479ff9
Discovery 2022-10-06
Entry 2023-08-31

yeisonvargasf reports:

dparse is a parser for Python dependency files.

dparse in versions before 0.5.2 contains a regular expression that is vulnerable to a Regular Expression Denial of Service.

All the users parsing index server URLs with dparse are impacted by this vulnerability.

Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.
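As an added illustration of the workaround above (not code from the dparse project or from this VuXML entry), the following Python helper checks whether the installed dparse release is older than 0.5.2 and strips index server option lines from a requirements file before it is handed to the parser. It assumes pip's requirements-file syntax (`-i URL`, `--index-url URL`, `--extra-index-url URL`, with or without `=`); the sample input in the test is constructed.

```python
import re
from importlib.metadata import PackageNotFoundError, version
from typing import List, Optional, Tuple

# Requirements-file options that carry an index server URL (pip syntax).
# Assumption: these lines are the "index server URLs" the advisory refers to.
_INDEX_OPTIONS = ("-i", "--index-url", "--extra-index-url")
_FIXED_VERSION = (0, 5, 2)


def _version_tuple(v: str) -> Tuple[int, ...]:
    """Leading numeric components of a version string, e.g. '0.5.1' -> (0, 5, 1).
    Pre-release tags such as 'rc1' are ignored (a simplification)."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_is_affected(v: str) -> bool:
    """True when a dparse version string is older than the fixed release 0.5.2."""
    return _version_tuple(v) < _FIXED_VERSION


def installed_dparse_is_affected() -> Optional[bool]:
    """True/False for an installed dparse, None when dparse is not installed."""
    try:
        return version_is_affected(version("dparse"))
    except PackageNotFoundError:
        return None


def strip_index_server_options(text: str) -> Tuple[str, List[str]]:
    """Drop index-server option lines so a vulnerable dparse never sees them.

    Returns (filtered text, list of removed lines) so the caller can log what
    was withheld from the parser instead of silently changing the input."""
    kept, removed = [], []
    for line in text.splitlines():
        stripped = line.strip()
        first_token = stripped.split(maxsplit=1)[0] if stripped else ""
        option = first_token.split("=", 1)[0]  # handles '--index-url=URL'
        if option in _INDEX_OPTIONS:
            removed.append(stripped)
        else:
            kept.append(line)
    trailing = "\n" if text.endswith("\n") else ""
    return "\n".join(kept) + trailing, removed
```

Call `strip_index_server_options` on the file contents only when `installed_dparse_is_affected()` returns True; on a fixed release the file can be parsed unchanged.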

References

CVE Name CVE-2022-39280
URL https://osv.dev/vulnerability/GHSA-8fg9-p83m-x5pq
URL https://osv.dev/vulnerability/PYSEC-2022-301