New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inefficient regular expression complexity in EntryPoint.pattern #90632
Comments
Originally reported to the Python Security Response Team, the EntryPoint.pattern demonstrates a potential ReDoS. The issue has been patched and fix released with importlib_metadata 4.10.1. Let's get that fix incorporated into Python as well. |
jaraco
added
3.8
only security fixes
stdlib
Python modules in the Lib dir
3.9
only security fixes
type-security
A security issue
3.10
only security fixes
3.11
only security fixes
labels
Jan 22, 2022
jaraco
added
stdlib
Python modules in the Lib dir
type-security
A security issue
labels
Jan 22, 2022
Because I want this security issue to be back-portable to older Pythons, I'll first apply importlib_metadata 4.10.0 and then apply the change from 4.10.1 separately. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: