HIGH 7.5

PYSEC-2022-43178

Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package when an attacker is able to supply arbitrary input to the Table.set_rows method.

Affected packages

PyPI / cleo
Introduced in: 0
Fixed in: 2.0.0
Fix: pip install --upgrade 'cleo>=2.0.0'
