Mako-1.2.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 7.5)
Opened this issue · 0 comments
Vulnerable Library - Mako-1.2.0-py3-none-any.whl
A super-fast templating language that borrows the best ideas from the existing templating languages.
Library home page: https://files.pythonhosted.org/packages/6e/01/45ab9f723a93e0ca75fba4d2c266bb041120cb4215eab94f7c78743ac7ed/Mako-1.2.0-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Found in HEAD commit: 8132fbdbfff0ec0a5c67241289b0b10059bc8370
Vulnerabilities
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2022-40023 | High | 7.5 | Mako-1.2.0-py3-none-any.whl | Direct | Mako - 1.2.2 | ❌ |
Details
CVE-2022-40023
Vulnerable Library - Mako-1.2.0-py3-none-any.whl
A super-fast templating language that borrows the best ideas from the existing templating languages.
Library home page: https://files.pythonhosted.org/packages/6e/01/45ab9f723a93e0ca75fba4d2c266bb041120cb4215eab94f7c78743ac7ed/Mako-1.2.0-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ Mako-1.2.0-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 8132fbdbfff0ec0a5c67241289b0b10059bc8370
Found in base branch: main
Vulnerability Details
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
Publish Date: 2022-09-07
URL: CVE-2022-40023
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2022-09-07
Fix Resolution: Mako - 1.2.2
Step up your Open Source Security Game with Mend here