{"id":"PYSEC-2020-92","details":"A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.","aliases":["CVE-2020-29651","GHSA-hj5v-574p-mj7c"],"modified":"2023-11-01T04:53:00.645246Z","published":"2020-12-09T07:15:00Z","references":[{"type":"WEB","url":"https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144"},{"type":"REPORT","url":"https://github.com/pytest-dev/py/issues/256"},{"type":"WEB","url":"https://github.com/pytest-dev/py/pull/257"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-hj5v-574p-mj7c"}],"affected":[{"package":{"name":"py","ecosystem":"PyPI","purl":"pkg:pypi/py"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.10.0"}]}],"versions":["0.8.0-alpha2","0.9.0","0.9.1","0.9.2","1.0.0","1.0.1","1.0.2","1.1.0","1.1.1","1.2.0","1.2.1","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7.dev3","1.4.7","1.4.8","1.4.9","1.4.10","1.4.11","1.4.12","1.4.13","1.4.14","1.4.15","1.4.16","1.4.17","1.4.18","1.4.19","1.4.20","1.4.21","1.4.22","1.4.23","1.4.24","1.4.25","1.4.26","1.4.27","1.4.28","1.4.29","1.4.30","1.4.31","1.4.32.dev1","1.4.32","1.4.33","1.4.34","1.5.1","1.5.2","1.5.3","1.5.4","1.6.0","1.7.0","1.8.0","1.8.1","1.8.2","1.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/py/PYSEC-2020-92.yaml"}}],"schema_version":"1.7.3"}