First published: Wed Sep 07 2022
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service (ReDoS) when the Lexer class is used to parse. This also affects babelplugin and linguaplugin.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/mako | <1.2.2 | 1.2.2 |
| Sqlalchemy mako | <1.2.2 | |
| Debian Linux | =10.0 | |
The severity of CVE-2022-40023 is rated high, with a CVSS score of 7.5.
CVE-2022-40023 affects Sqlalchemy mako versions prior to 1.2.2: the mako package from pip, Sqlalchemy mako built from source, and Debian Linux version 10.0 are affected.
CVE-2022-40023 is a Regular expression Denial of Service (ReDoS) vulnerability in Sqlalchemy mako before 1.2.2, triggered when the Lexer class is used to parse; babelplugin and linguaplugin are also affected.
To remediate CVE-2022-40023, update Sqlalchemy mako to version 1.2.2 or higher.
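As a remediation check that is added here and is not part of the advisory or of the mako project: the snippet below decides whether a given (or the installed) mako version falls in the affected range, using the fixed version 1.2.2 stated above. It assumes the PyPI distribution name `Mako`; Debian's packaged mako carries distribution version numbers, so this check does not apply to that row of the table.

```python
"""Version check for CVE-2022-40023 (mako Lexer ReDoS)."""
from importlib import metadata
import re
from typing import Optional, Tuple

# First release without the ReDoS, per the advisory above.
FIXED_VERSION = (1, 2, 2)
# Pre-release markers (PEP 440 style): 1.2.2rc1, 1.2.2.dev0, 1.2.2b1 ...
_PRERELEASE = re.compile(r"[.\-]?(a|b|rc|alpha|beta|dev)", re.IGNORECASE)


def parse_version(text: str) -> Tuple[Tuple[int, ...], bool]:
    """Split a version string into numeric components and a pre-release flag.

    "1.2.1" -> ((1, 2, 1), False); "1.2.2rc1" -> ((1, 2, 2), True).
    Raises ValueError when no leading numeric component is found.
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    prerelease = _PRERELEASE.match(text[m.end():]) is not None
    return numbers, prerelease


def is_affected(version: str) -> bool:
    """True when `version` is below the fixed release 1.2.2."""
    parts, prerelease = parse_version(version)
    # Pad so that "1.2" compares as (1, 2, 0) against (1, 2, 2).
    width = max(len(parts), len(FIXED_VERSION))
    padded = parts + (0,) * (width - len(parts))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    if padded < fixed:
        return True
    # Conservative: a pre-release of 1.2.2 is not known to carry the fix.
    return padded == fixed and prerelease


def installed_mako_status() -> Optional[bool]:
    """is_affected() for the mako in this interpreter, or None if absent."""
    try:
        return is_affected(metadata.version("Mako"))  # assumed dist name
    except metadata.PackageNotFoundError:
        return None
```

Call `installed_mako_status()` from the environment that runs your templates; `None` means mako is not installed there at all.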