[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

Jason R. Coombs report at bugs.python.org
Sat Jan 22 14:18:51 EST 2022


New submission from Jason R. Coombs <jaraco at jaraco.com>:

Originally reported to the Python Security Response Team, the EntryPoint.pattern demonstrates a potential [ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_).

The issue has been patched and a fix released with importlib_metadata 4.10.1. Let's get that fix incorporated into Python as well.

----------
assignee: jaraco
components: Library (Lib)
messages: 411282
nosy: jaraco
priority: normal
severity: normal
status: open
title: Inefficient regular expression complexity in EntryPoint.pattern
type: security
versions: Python 3.10, Python 3.11, Python 3.8, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46474>
_______________________________________

