Vulnerable Regular Expression in inventory #8175
Comments
Thank you for reporting.
Hi @tk0miya,
Oops... I pushed the correct fix to the GitHub. Could you check it again, please?
The pattern modification looks good to me.
Thank you for your confirmation!
Fix #8175: intersphinx: Potential of regex denial of service by inventory
Type of Issue
Potential Regex Denial of Service (ReDoS)
Description
The vulnerable regular expression is located in sphinx/sphinx/util/inventory.py, line 125 in 31f26a0.
The ReDoS vulnerability of the regex is mainly due to the sub-pattern (\S*:\S*) and can be exploited with the following string: " " + ":" * 5000
I think you can limit the input length or modify this regex.
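The two mitigations suggested in the report, shown side by side with the backtracking-prone form as an added example (not part of the original issue and not Sphinx's code). `AMBIGUOUS` is a constructed pattern built around the quoted sub-pattern, and `REWRITTEN`, `MAX_LINE` and the sample lines are assumptions; the rewrite is one possible modification, not necessarily the one the project adopted.

```python
import re
import time

# Constructed inventory-style line pattern built around the sub-pattern quoted
# in the issue. NOT the expression at sphinx/util/inventory.py line 125.
AMBIGUOUS = re.compile(r'(.*?)\s+(\S*:\S*)\s+(-?\d+)\s+(\S+)$')
# Hypothetical rewrite: a single \S+ run; the colon is checked in Python.
REWRITTEN = re.compile(r'(.*?)\s+(\S+)\s+(-?\d+)\s+(\S+)$')
MAX_LINE = 2048  # assumed cap for the "limit the input length" option


def parse_ambiguous(line):
    """Parse with the backtracking-prone pattern (kept for comparison)."""
    m = AMBIGUOUS.match(line)
    return m.groups() if m else None


def parse_rewritten(line, max_line=MAX_LINE):
    """Apply both mitigations: length cap first, then the rewritten pattern."""
    if len(line) > max_line:
        return None
    m = REWRITTEN.match(line)
    if m is None or ':' not in m.group(2):
        return None
    return m.groups()


def seconds(parser, line):
    """Wall-clock time for one parse attempt."""
    start = time.perf_counter()
    parser(line)
    return time.perf_counter() - start


SAMPLES = [  # constructed lines: name, domain:role, priority, location
    'os.path py:module 0 library/os.path.html',
    'a b c std:label -1 index.html',
    'no-colon-here label 1 x.html',
]

if __name__ == '__main__':
    for n in (1000, 2000, 4000):
        line = ' ' + ':' * n  # the string shape given in the issue
        slow = seconds(parse_ambiguous, line)
        fast = seconds(lambda s: parse_rewritten(s, max_line=n + 1), line)
        print(f'n={n}: ambiguous {slow:.4f}s, rewritten {fast:.6f}s')
```

In `\S*:\S*` both `\S*` runs can absorb the same colons, so every split point is retried when the trailing `\s+` fails; a single `\S+` run has only one way to end at each position.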