CVE-2022-40023 – mako
Package
Manager: pip
Name: mako
Vulnerable Version: >=0 <1.2.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00549 (percentile 0.6696)
Details
mako is vulnerable to Regular Expression Denial of Service (ReDoS). SQLAlchemy mako before 1.2.2 is vulnerable to Regular Expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
Metadata
Created: 2022-09-16T17:20:25Z
Modified: 2024-09-30T16:59:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-v973-fxgf-6xhp/GHSA-v973-fxgf-6xhp.json
CWE IDs: ["CWE-1333"]
Alternative ID: GHSA-v973-fxgf-6xhp
Finding: F211
Auto approve: 1