Hi,
I'm introducing python-cleo 1.0.0a5, which has this vulnerability. I need
it for the new upstream release of poetry (1.2.2). But I applied a patch
from upstream to fix this issue [0].
There's a new upstream release of cleo, 2.0.1, but this breaks poetry
[1]. So, we need to wait for a new upstream r
Hi,
thanks for the report.
I made some checks and it seems that the issue is in version 1.0.0a*.
Those are prereleases.
In previous versions the management of Table was in clikit, perhaps the
issue is also in clikit?
So, the cleo package in Debian doesn't have that issue.
Cheers,
Emmanuel
Source: python-cleo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-cleo.
CVE-2022-42966[0]:
| An exponential ReDoS (Regular Expression Denial of Service) can be
| triggered in the cleo PyPI package, when an attac