Hi,
A vulnerability was published for cleo in [0] and exposed in Debian [1][2].
| An exponential ReDoS (Regular Expression Denial of Service) can be
| triggered in the cleo PyPI package, when an attacker is able to supply
| arbitrary input to the Table.set_rows method
I didn't check it yet, but I'm going to do it.
[0] https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024018
[2] https://security-tracker.debian.org/tracker/CVE-2022-42966