FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-dparse -- REDoS vulnerability

Affected packages
py310-dparse < 0.5.2
py311-dparse < 0.5.2
py37-dparse < 0.5.2
py38-dparse < 0.5.2
py39-dparse < 0.5.2


VuXML ID 83b29e3f-886f-439f-b9a8-72e014479ff9
Discovery 2022-10-06
Entry 2023-08-31

yeisonvargasf reports:

dparse is a parser for Python dependency files.

dparse in versions before 0.5.2 contains a regular expression that is vulnerable to a Regular Expression Denial of Service.

All the users parsing index server URLs with dparse are impacted by this vulnerability.

Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.
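The workaround above (keep index server URLs away from dparse until 0.5.2 is installed) can be applied mechanically. The following is an added example, not code from dparse, from the reporter or from the FreeBSD entry; the advisory does not show the affected regular expression, so nothing here reproduces it. The requirements text, the function names `split_index_server_options` and `is_plausible_index_url`, and the `MAX_URL_LEN` cap are all constructed for illustration. The idea is to pull `-i`, `--index-url` and `--extra-index-url` lines out of the file before it is handed to the parser, and to sanity-check the removed URLs with `urllib.parse` (length-bounded, no regex), so an attacker-controlled URL never reaches a backtracking pattern.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for a requirements.txt that mixes pins with
# index-server options (not taken from dparse or from the advisory).
SAMPLE_REQUIREMENTS = """\
# project pins
--index-url https://pypi.example.internal/simple
-i https://mirror.example.org/simple/
--extra-index-url=https://extra.example.net/simple
requests==2.28.1  # keep
django>=4.0,<5.0
-r base.txt
"""

# pip options that carry an index server URL. The option and the URL may be
# separated by whitespace or by '='. \s and \S are disjoint, so this pattern
# cannot backtrack catastrophically on any input.
_INDEX_OPTION_RE = re.compile(
    r"^\s*(?:-i|--index-url|--extra-index-url)(?:\s*=\s*|\s+)(?P<url>\S+)"
)

# Assumed upper bound on a URL we are willing to look at at all.
MAX_URL_LEN = 2048


def split_index_server_options(text):
    """Return (filtered_text, urls).

    filtered_text is the input with every line that passes an index server
    URL removed, so it can be handed to dparse (or any other parser) without
    the URL regex ever seeing that input.  urls lists what was stripped so
    the caller can validate or log it separately.
    """
    kept, urls = [], []
    for line in text.splitlines():
        m = _INDEX_OPTION_RE.match(line)
        if m:
            urls.append(m.group("url"))
            continue
        kept.append(line)
    trailing = "\n" if text.endswith("\n") else ""
    return "\n".join(kept) + trailing, urls


def is_plausible_index_url(url):
    """Length-bounded, regex-free check that a stripped value is an
    http(s) URL with a host.  Rejects instead of parsing when the input
    is longer than MAX_URL_LEN, which is the cheap defence against
    pathological inputs."""
    if len(url) > MAX_URL_LEN:
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


if __name__ == "__main__":
    filtered, urls = split_index_server_options(SAMPLE_REQUIREMENTS)
    print("text handed to the parser:\n" + filtered)
    for u in urls:
        print("stripped index URL:", u, "plausible:", is_plausible_index_url(u))
```

Once dparse 0.5.2 or later is installed the filter can simply be removed; until then the filtered text is what gets passed to the parser, and the stripped URLs are handled on the side.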


CVE Name CVE-2022-39280