pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...

GHSA-5JQP-885W-XJ32 pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...

UBUNTU-CVE-2022-42964

An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...

CVE-2022-42964

CVE-2022-42964 affects the Python package pymatgen (PyPI). The vulnerability arises in the function/flow related to parsing Gaussian inputs, specifically GaussianInput.from_string, where crafted input can trigger an exponential ReDoS in the regular expression handling. This condition can lead to ...

PT-2022-26683 · Pypi +1 · Pymatgen +1

Name of the Vulnerable Software and Affected Versions: pymatgen affected versions not specified Description: An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package when an attacker is able to supply arbitrary input to the GaussianInput.from string...

Jinja2 2.10 - (from_string) Server Side Template Injection Exploit

Exploit for python platform in category web applications ''' Exploit Title: Jinja2 Command injection fromstring function Date: date Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: http://jinja.pocoo.org Software Link: https://pypi.org/project/Jinja2/files Version: 2.10 Tested on:...

UBUNTU-CVE-2019-8341

An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...

DEBIAN-CVE-2019-8341

An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...

Code Injection

The fromstring function is prone to Server Side Template Injection SSTI where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI...