vulnerability
FreeBSD: VID-83B29E3F-886F-439F-B9A8-72E014479FF9 (CVE-2022-39280): py-dparse -- REDoS vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Oct 6, 2022 | Sep 1, 2023 | Jan 28, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Oct 6, 2022
Added
Sep 1, 2023
Modified
Jan 28, 2025
Description
dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.
Solutions
freebsd-upgrade-package-py310-dparsefreebsd-upgrade-package-py311-dparsefreebsd-upgrade-package-py37-dparsefreebsd-upgrade-package-py38-dparsefreebsd-upgrade-package-py39-dparse
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.