Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.

Published

2022-10-16T06:15:09.797

Last Modified

2025-05-14T15:15:54.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-1333
Type: Secondary
CWE-1333

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pytest	py	≤ 1.11.0	Yes

References

https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316 Product ([email protected])
https://github.com/pytest-dev/py/issues/287 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://news.ycombinator.com/item?id=34163710 Issue Tracking, Third Party Advisory ([email protected])
https://pypi.org/project/py Product ([email protected])
https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316 Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pytest-dev/py/issues/287 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=34163710 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://pypi.org/project/py Product (af854a3a-2127-422b-91ae-364da2661108)