CVE-2022-42964 – pymatgen
Package
Manager: pip
Name: pymatgen
Vulnerable Version: >=0 <=2022.9.21
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00361 (percentile: 0.57521)
Details
pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS). An exponential ReDoS can be triggered in the pymatgen PyPI package when an attacker is able to supply arbitrary input to the `GaussianInput.from_string` method.
Metadata
Created: 2022-11-10T12:01:17Z
Modified: 2023-08-31T00:33:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-5jqp-885w-xj32/GHSA-5jqp-885w-xj32.json
CWE IDs: ["CWE-1333"]
Alternative ID: GHSA-5jqp-885w-xj32
Finding: F211
Auto approve: 1