CVE-2022-42966 – cleo

Package

Manager: pip
Name: cleo
Vulnerable Version: >=0 <2.0.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00197 pctl0.41837

Details

cleo is vulnerable to Regular Expression Denial of Service (ReDoS) An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.

Metadata

Created: 2022-11-10T12:01:17Z
Modified: 2025-04-10T13:28:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-2p9h-ccw7-33gf/GHSA-2p9h-ccw7-33gf.json
CWE IDs: ["CWE-1333"]
Alternative ID: GHSA-2p9h-ccw7-33gf
Finding: F211
Auto approve: 1