Lucene search
JFROGCVE-2022-42966HistoryNov 09, 2022 - 8:15 p.m.
CVE-2022-42966
2022-11-0920:15:10
CWE-1333
JFROG
web.nvd.nist.gov
63
2
cve-2022-42966
nvd
security
pypi
table.set_rows
redos
regular expression denial of service
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
36.8%
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method
Affected configurations
Node
python-poetrycleoMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| python-poetry | cleo | - | cpe:2.3:a:python-poetry:cleo:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "cleo",
"product": "cleo",
"versions": [
{
"version": "0",
"status": "affected",
"lessThan": "*",
"versionType": "custom"
}
]
}
]Social References
More
Related
osv
osv
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
2022-11-10 12:01:17
nvd
nvd
CVE-2022-42966
2022-11-09 20:15:10
ubuntucve
ubuntucve
CVE-2022-42966
2022-11-09 00:00:00
prion
prion
Design/Logic Flaw
2022-11-09 20:15:00
github
github
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
2022-11-10 12:01:17
cvelist
cvelist
CVE-2022-42966 Exponential ReDoS in cleo leads to denial of service
2022-11-09 00:00:00
debiancve
debiancve
CVE-2022-42966
2022-11-09 20:15:10
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2022-11-10 07:32:30
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
36.8%
Related for CVE-2022-42966