Vulnerabilities > CVE-2022-42969 - Unspecified vulnerability in Pytest PY
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.
Vulnerable Configurations
References
- https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
- https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
- https://github.com/pytest-dev/py/issues/287
- https://github.com/pytest-dev/py/issues/287
- https://news.ycombinator.com/item?id=34163710
- https://news.ycombinator.com/item?id=34163710
- https://pypi.org/project/py
- https://pypi.org/project/py