VDB
EN
HIGH 7.5

PYSEC-2026-1404

git-url-parse Regular Expression Denial of Service

상세

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / git-url-parse
최초 영향 버전: 0

No fixed version published yet for git-url-parse (pip). Pin to a known-safe version or switch to an alternative.

참고