CVE-2022-42969

Published October 16th, 2022

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECTS

Description

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.

library with cross-python path, ini-parsing, io, code, log facilities

Python Package Index

pytest-dev/py

Python development support library (note: maintenance only)

GitHub