This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author yetingli
Recipients yetingli
Date 2020-09-04.09:47:22
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I  find this regex "(\d+\.\d+\.\d+)(\w+\d+)?$" may be stucked by input.
The vulnerable regex is located in

The ReDOS vulnerability of the regex is mainly due to the sub-pattern \w+\d+
and can be exploited with the following string
"1.1.1"+"1" * 5000 + "!"

I think you can limit the input length or fix this regex.

For example, you can modify the sub-pattern \w+\d+ to ([A-Za-z_]*\d)+

Looking forward for your response​!

Yeting Li
Date User Action Args
2020-09-04 09:47:22yetinglisetrecipients: + yetingli
2020-09-04 09:47:22yetinglisetmessageid: <>
2020-09-04 09:47:22yetinglilinkissue41712 messages
2020-09-04 09:47:22yetinglicreate