[issue41921] REDoS in parseentities

Marc-Andre Lemburg added the comment: Interesting that the tool still exists. It uses mxTextTools, but in a non-packaged version, so it's been broken for two decades now :-) I think it's safe to remove it from Tools\scripts. -- ___ Python tracker

[issue41921] REDoS in parseentities

Change by Irit Katriel : -- nosy: +lemburg versions: +Python 3.11 -Python 3.5, Python 3.6, Python 3.7, Python 3.8 ___ Python tracker ___ ___

[issue41921] REDoS in parseentities

Pablo Galindo Salgado added the comment: Without evaluating the validity of the regex vulnerability, is important to note that the files in Tools/scripts are not part of the standard library and therefore they aren't a valid stack vector. -- nosy: +pablogsal

[issue41921] REDoS in parseentities

Change by Serhiy Storchaka : -- nosy: +serhiy.storchaka ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https

[issue41921] REDoS in parseentities

New submission from yeting li : Hi, I find this regex '' may be stucked by input. The vulnerable regex is located in https://github.com/python/cpython/blob/8d21aa21f2cbc6d50aab3f420bb23be1d081dac4/Tools/scripts/parseentities.py#L18 The ReDOS vulnerability of the regex is mainly due to the sub-