-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-42969: security issue in library py used by this project #10392
Comments
The affected code is not used in pytest (or anywhere else relevant, for that matter), so you can safely ignore that. Unfortunately, whoever got that CVE probably wasn't aware of the consequences of their actions... See pytest-dev/py#287 (in particular pytest-dev/py#287 (comment)) and #7259. |
This was referenced Nov 22, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
alias: CVE-2022-42969
details: The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.
fixed in:
id: GHSA-w596-4wvx-j9j6
link: https://osv.dev/vulnerability/GHSA-w596-4wvx-j9j6
source: osv
There is no patch available yet. Is it still necessary that this project uses the old py library?
The text was updated successfully, but these errors were encountered: