---
# OSV-format advisory record (PYSEC) for the Mako regular-expression
# denial-of-service issue. Aliases at the bottom map it to the CVE and GHSA ids.
id: PYSEC-2022-260

details: >-
  Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of
  Service when using the Lexer class to parse.
  This also affects babelplugin and linguaplugin.

affected:
  - package:
      name: mako
      ecosystem: PyPI
      purl: "pkg:pypi/mako"
    ranges:
      # Commit-level range: the fix is the referenced upstream commit.
      - type: GIT
        repo: https://github.com/sqlalchemy/mako
        events:
          - introduced: "0"
          - fixed: "925760291d6efec64fda6e9dd1fd9cfbd5be068c"
      # Release-level range: the actionable remediation is upgrading to 1.2.2.
      - type: ECOSYSTEM
        events:
          - introduced: "0"
          - fixed: "1.2.2"
    # Enumerated affected releases, kept in the string-sort order given
    # upstream (0.1.10 precedes 0.1.2), not in release order.
    versions:
      - "0.1.0"
      - "0.1.1"
      - "0.1.10"
      - "0.1.2"
      - "0.1.3"
      - "0.1.4"
      - "0.1.5"
      - "0.1.6"
      - "0.1.7"
      - "0.1.8"
      - "0.1.9"
      - "0.2.0"
      - "0.2.1"
      - "0.2.2"
      - "0.2.3"
      - "0.2.4"
      - "0.2.5"
      - "0.3.0"
      - "0.3.1"
      - "0.3.2"
      - "0.3.3"
      - "0.3.4"
      - "0.3.5"
      - "0.3.6"
      - "0.4.0"
      - "0.4.1"
      - "0.4.2"
      - "0.5.0"
      - "0.6.0"
      - "0.6.1"
      - "0.6.2"
      - "0.7.0"
      - "0.7.1"
      - "0.7.2"
      - "0.7.3"
      - "0.8.0"
      - "0.8.1"
      - "0.9.0"
      - "0.9.1"
      - "1.0.0"
      - "1.0.1"
      - "1.0.10"
      - "1.0.11"
      - "1.0.12"
      - "1.0.13"
      - "1.0.14"
      - "1.0.2"
      - "1.0.3"
      - "1.0.4"
      - "1.0.5"
      - "1.0.6"
      - "1.0.7"
      - "1.0.8"
      - "1.0.9"
      - "1.1.0"
      - "1.1.1"
      - "1.1.2"
      - "1.1.3"
      - "1.1.4"
      - "1.1.5"
      - "1.1.6"
      - "1.2.0"
      - "1.2.1"

# FIX is the upstream patch commit; REPORT is the upstream issue; the
# remaining entries are secondary write-ups and the GitHub advisory.
references:
  - type: FIX
    url: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c
  - type: WEB
    url: https://pyup.io/vulnerabilities/CVE-2022-40023/50870/
  - type: REPORT
    url: https://github.com/sqlalchemy/mako/issues/366
  - type: WEB
    url: https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21
  - type: ADVISORY
    url: https://github.com/advisories/GHSA-v973-fxgf-6xhp

aliases:
  - CVE-2022-40023
  - GHSA-v973-fxgf-6xhp

# Timestamps are quoted so they stay strings rather than parsed datetimes.
modified: "2022-09-07T14:38:27.809318Z"
published: "2022-09-07T13:15:00Z"