CVE-2022-42969
https://notcve.org/view.php?id=CVE-2022-42969
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability. py library versiones hasta 1.11.0, para Python permite a atacantes remotos llevar a cabo un ataque ReDoS (Expresión Regular de Denegación de Servicio) por medio de un repositorio Subversion con datos de información diseñados, porque el argumento InfoSvnCommand está mal gestionado • https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316 https://github.com/pytest-dev/py/issues/287 https://news.ycombinator.com/item?id=34163710 https://pypi.org/project/py • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2020-29651
https://notcve.org/view.php?id=CVE-2020-29651
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. Una denegación de servicio por medio de una expresión regular en el componente py.path.svnwc de py (también se conoce como python-py) versiones hasta 1.9.0, podría ser usada por atacantes para causar un ataque de denegación de servicio del compute-time al suministrar una entrada maliciosa en la funcionalidad blame • https://github.com/pytest-dev/py/issues/256 https://github.com/pytest-dev/py/pull/257 https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR https://www.oracle.com/security-alerts/cpujul2022.html •