{"id":"CVE-2022-40023","details":"Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.","aliases":["GHSA-v973-fxgf-6xhp","PYSEC-2022-260"],"modified":"2026-05-15T11:54:42.373064707Z","published":"2022-09-07T00:00:00Z","related":["ALSA-2023:2258","ALSA-2023:2893","SUSE-SU-2022:3700-1","SUSE-SU-2022:3701-1","SUSE-SU-2022:3979-1","openSUSE-SU-2024:13610-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/40xxx/CVE-2022-40023.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/12/msg00004.html"},{"type":"WEB","url":"https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/"},{"type":"WEB","url":"https://pyup.io/vulnerabilities/CVE-2022-40023/50870/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/40xxx/CVE-2022-40023.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40023"},{"type":"REPORT","url":"https://github.com/sqlalchemy/mako/issues/366"},{"type":"FIX","url":"https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00026.html"}],"schema_version":"1.7.5"}