Vulnerabilities > CVE-2023-26112 - Unspecified vulnerability in Configobj Project Configobj
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
- https://github.com/DiffSK/configobj/issues/232
- https://lists.fedoraproject.org/archives/list/[email protected]/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/