Impact
dparse in versions <0.5.1 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
All the users parsing index server URLs with dparse are impacted by this vulnerability.
Patches
The Patch is applied in the 0.5.2 version, all the users have to upgrade to 0.5.2 as soon as possible.
Workarounds
Avoid passing index server URLs in the source file to be parsed.
References
https://github.com/pyupio/dparse/tree/security/remove-intensive-regex
For more information
If you have any questions or comments about this advisory:
Impact
dparse in versions
<0.5.1contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).All the users parsing index server URLs with dparse are impacted by this vulnerability.
Patches
The Patch is applied in the
0.5.2version, all the users have to upgrade to0.5.2as soon as possible.Workarounds
Avoid passing index server URLs in the source file to be parsed.
References
https://github.com/pyupio/dparse/tree/security/remove-intensive-regex
For more information
If you have any questions or comments about this advisory: