CVE-2022-42969: security issue in library py used by this project #10392
Comments
|
The affected code is not used in pytest (or anywhere else relevant, for that matter), so you can safely ignore that. Unfortunately, whoever got that CVE probably wasn't aware of the consequences of their actions... See pytest-dev/py#287 (in particular pytest-dev/py#287 (comment)) and #7259. |
This was referenced Nov 22, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
alias: CVE-2022-42969
details: The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.
fixed in:
id: GHSA-w596-4wvx-j9j6
link: https://osv.dev/vulnerability/GHSA-w596-4wvx-j9j6
source: osv
There is no patch available yet. Is it still necessary that this project uses the old py library?
The text was updated successfully, but these errors were encountered: