Vulnerabilities > CVE-2022-42969 - Unspecified vulnerability in Pytest PY

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pytest

NVD

Published: 2022-10-16

Updated: 2023-02-28

Summary

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.

Vulnerable Configurations

Part	Description	Count
Application	Pytest Pytest PY 1.0.0 Pytest PY 1.0.1 Pytest PY 1.0.2 Pytest PY 1.0.3 Pytest PY 1.1.0 Pytest PY 1.1.1 Pytest PY 1.3.0 Pytest PY 1.3.1 Pytest PY 1.3.2 Pytest PY 1.3.3 Pytest PY 1.3.4 Pytest PY 1.4.0 Pytest PY 1.4.1 Pytest PY 1.4.2 Pytest PY 1.4.3 Pytest PY 1.4.4 Pytest PY 1.4.6 Pytest PY 1.4.7 Pytest PY 1.4.9 Pytest PY 1.4.10 Pytest PY 1.4.11 Pytest PY 1.4.12 Pytest PY 1.4.13 Pytest PY 1.4.14 Pytest PY 1.4.15 Pytest PY 1.4.16 Pytest PY 1.4.17 Pytest PY 1.4.18 Pytest PY 1.4.19 Pytest PY 1.4.20 Pytest PY 1.4.21 Pytest PY 1.4.23 Pytest PY 1.4.24 Pytest PY 1.4.26 Pytest PY 1.4.27 Pytest PY 1.4.28 Pytest PY 1.4.29 Pytest PY 1.4.30 Pytest PY 1.4.31 Pytest PY 1.4.32 Pytest PY 1.4.33 Pytest PY 1.4.34 Pytest PY 1.5.0 Pytest PY 1.5.1 Pytest PY 1.5.2 Pytest PY 1.5.3 Pytest PY 1.5.4 Pytest PY 1.6.0 Pytest PY 1.7.0 Pytest PY 1.8.0 Pytest PY 1.8.1 Pytest PY 1.8.2 Pytest PY 1.9.0	57

Summary

Vulnerable Configurations

References