Home > Vulnerability Database > CVE-2022-42966

Mend.io Vulnerability Database

CVE-2022-42966

Good to know:

Date: November 8, 2022

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

Language: Python

Severity Score

5.9

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-42966

Url: https://github.com/pypa/advisory-database/tree/main/vulns/cleo/PYSEC-2022-43178.yaml

Url: https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186

Url: https://github.com/python-poetry/cleo/releases/tag/2.0.0

Url: https://github.com/python-poetry/cleo/pull/285

Url: https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/

Url: https://github.com/python-poetry/cleo

Url: https://github.com/python-poetry/cleo/commit/b5b9a04d2caf58bf7cf94eb7ae4a1ebbe60ea455

Url: https://www.mend.io/vulnerability-database/CVE-2022-42966

Severity Score

5.9

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version cleo - 2.0.0

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-42966

Good to know:

Date: November 8, 2022

Language: Python

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?