MEDIUM 5.9
PYSEC-2026-806
Regular expression denial of service in eth-account
Details
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-1930 [ADVISORY]
- https://github.com/ethereum/eth-account/commit/70f89be700df0d5f08ef696252c88741f8414060 [WEB]
- https://github.com/ethereum/eth-account [PACKAGE]
- https://research.jfrog.com/vulnerabilities/eth-account-redos-xray-248681 [WEB]
- https://pypi.org/project/eth-account [PACKAGE]
- https://github.com/advisories/GHSA-v65g-f3cj-fjp4 [ADVISORY]