New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inefficient regular expression complexity in EntryPoint.pattern #361
Comments
Tim Peters had this suggested fix:
|
jaraco
added a commit
that referenced
this issue
Jan 17, 2022
jaraco
added a commit
that referenced
this issue
Jan 17, 2022
…ved entry points. Fixes #361. Credit to Tim Peters. Reduces cost from almost 2 seconds to ~100 µs on my workstation as reported by entrypoint_regexp_perf.
jaraco
added a commit
that referenced
this issue
Jan 17, 2022
jaraco
added a commit
that referenced
this issue
Jan 23, 2022
…ved entry points. Fixes #361. Credit to Tim Peters. Reduces cost from almost 2 seconds to ~100 µs on my workstation as reported by entrypoint_regexp_perf.
Released with v4.10.1 and v2.1.3 (supporting Python 2.7) (manually released due to pytest-dev/pyfakefs#659). |
halstead
pushed a commit
to openembedded/openembedded-core
that referenced
this issue
Jan 25, 2022
v4.10.1 * 361: Avoid potential REDoS in EntryPoint.pattern. References: python/importlib_metadata#361 Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
splitice
pushed a commit
to HalleyAssist/poky
that referenced
this issue
Jan 25, 2022
v4.10.1 * 361: Avoid potential REDoS in EntryPoint.pattern. References: python/importlib_metadata#361 (From OE-Core rev: 60b478ef8990967e306243f6066d9ae261bbc3b9) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
splitice
pushed a commit
to HalleyAssist/poky
that referenced
this issue
Jan 25, 2022
v4.10.1 * 361: Avoid potential REDoS in EntryPoint.pattern. References: python/importlib_metadata#361 (From OE-Core rev: 60b478ef8990967e306243f6066d9ae261bbc3b9) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead
pushed a commit
to openembedded/openembedded-core
that referenced
this issue
Jan 26, 2022
v4.10.1 * 361: Avoid potential REDoS in EntryPoint.pattern. References: python/importlib_metadata#361 Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
splitice
pushed a commit
to HalleyAssist/poky
that referenced
this issue
Jan 26, 2022
v4.10.1 * 361: Avoid potential REDoS in EntryPoint.pattern. References: python/importlib_metadata#361 (From OE-Core rev: d7a7e6d640a5b0819be4478aeb0f42d4a4981c89) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Originally reported to the Python Security Response Team, the EntryPoint.pattern demonstrates a potential ReDoS.
The text was updated successfully, but these errors were encountered: