CVE-2022-40023

Name
CVE-2022-40023
Description
Mako (the SQLAlchemy project's templating library) before 1.2.2 is vulnerable to regular expression denial of service (ReDoS) when the Lexer class is used to parse a template. The babelplugin and linguaplugin extensions are also affected.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type          URI
MISC          https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c
MISC          https://pyup.io/vulnerabilities/CVE-2022-40023/50870/
MISC          https://github.com/sqlalchemy/mako/issues/366
MISC          https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21
Mailing List  https://lists.debian.org/debian-lts-announce/2022/09/msg00026.html
Exploit       https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/

Match rules

CPE URI                                    Source package  Min version  Max version
cpe:2.3:a:sqlalchemy:mako:*:*:*:*:*:*:*:*  mako            >= None      < 1.2.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status