{
  "threat_severity" : "Moderate",
  "public_date" : "2022-09-07T00:00:00Z",
  "bugzilla" : {
    "description" : "python-mako: REDoS in Lexer class",
    "id" : "2128977",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2128977"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1333",
  "details" : [ "Sqlalchemy mako before 1.2.2 is vulnerable to Regular Expression Denial of Service (ReDoS) when using the Lexer class to parse. This also affects babelplugin and linguaplugin.", "A vulnerability was found in the mako package. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks, which impact system availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2893",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python-mako-0:1.0.6-14.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2258",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "python-mako-0:1.1.4-6.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Out of support scope",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  }, {
    "product_name" : "Red Hat Ceph Storage 4",
    "fix_state" : "Not affected",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:ceph_storage:4"
  }, {
    "product_name" : "Red Hat Ceph Storage 5",
    "fix_state" : "Not affected",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:ceph_storage:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "python-mako",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "python-mako",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "resource-agents",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "resource-agents",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Affected",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Out of support scope",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "fix_state" : "Not affected",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:openstack:16.1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Not affected",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.0",
    "fix_state" : "Not affected",
    "package_name" : "python-pecan",
    "cpe" : "cpe:/a:redhat:openstack:17.0"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Affected",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-40023\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40023\nhttps://pyup.io/vulnerabilities/CVE-2022-40023/50870/" ],
  "name" : "CVE-2022-40023",
  "csaw" : false
}