MEDIUM 5.9
GHSA-5jqp-885w-xj32
pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)
Details
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package when an attacker is able to supply arbitrary input to the `GaussianInput.from_string` method.
Affected packages
PyPI / pymatgen
Introduced in: 0
No fixed version published yet for pymatgen (pip). Pin to a known-safe version or switch to an alternative.