[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

Jason R. Coombs Sat, 22 Jan 2022 11:19:07 -0800


New submission from Jason R. Coombs <jar...@jaraco.com>:


Originally reported to the Python Security Response Team, the 
EntryPoint.pattern demonstrates a potential 
[ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_).

The issue has been patched and fix released with importlib_metadata 4.10.1. 
Let's get that fix incorporated into Python as well.

----------
assignee: jaraco
components: Library (Lib)
messages: 411282
nosy: jaraco
priority: normal
severity: normal
status: open
title: Inefficient regular expression complexity in EntryPoint.pattern
type: security
versions: Python 3.10, Python 3.11, Python 3.8, Python 3.9

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue46474>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

Reply via email to