CVE-2022-42969
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.
py library versiones hasta 1.11.0, para Python permite a atacantes remotos llevar a cabo un ataque ReDoS (Expresión Regular de Denegación de Servicio) por medio de un repositorio Subversion con datos de información diseñados, porque el argumento InfoSvnCommand está mal gestionado
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-16 CVE Reserved
- 2022-10-16 CVE Published
- 2024-06-06 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-1333: Inefficient Regular Expression Complexity
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316 | Product | |
| https://news.ycombinator.com/item?id=34163710 | Issue Tracking | |
| https://pypi.org/project/py | Product |
| URL | Date | SRC |
|---|---|---|
| https://github.com/pytest-dev/py/issues/287 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|