CVE-2022-40023

Summary

CVE	CVE-2022-40023
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-09-07 13:15:00 UTC
Updated	2023-08-08 14:22:00 UTC
Description	Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

Risk And Classification

Problem Types: CWE-1333

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Sqlalchemy	Mako	All	All	All	All

References

Reference	Source	Link	Tags
quoted sections in tag not grouped correctly · Issue #366 · sqlalchemy/mako · GitHub	MISC	github.com
PyUp Vuln #50870	MISC	pyup.io
[SECURITY] [DLA 3116-1] mako security update	MLIST	lists.debian.org
PyUp Discovers ReDoS Vulnerabilities in Top Python Packages	MISC	pyup.io
mako/extract.py at c2f392e0be52dc67d1b9770ab8cce6a9c736d547 · sqlalchemy/mako · GitHub	MISC	github.com
fix tag regexp to match quoted groups correctly · sqlalchemy/mako@9257602 · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160622 Oracle Enterprise Linux Security Update for python-mako (ELSA-2023-2258)
160667 Oracle Enterprise Linux Security Update for python-mako (ELSA-2023-2893)
181066 Debian Security Update for mako (DLA 3116-1)
183358 Debian Security Update for mako (CVE-2022-40023)
198947 Ubuntu Security Notification for Mako Vulnerability (USN-5625-1)
199027 Ubuntu Security Notification for Mako Vulnerability (USN-5625-2)
241449 Red Hat Update for python-mako (RHSA-2023:2258)
241502 Red Hat Update for python-mako (RHSA-2023:2893)
355683 Amazon Linux Security Advisory for python-mako : ALAS2-2023-2164
355805 Amazon Linux Security Advisory for python-mako : ALAS2023-2023-288
378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
378647 Alibaba Cloud Linux Security Update for python-mako (ALINUX3-SA-2023:0057)
378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
502580 Alpine Linux Security Update for py3-mako
504332 Alpine Linux Security Update for py3-mako
672776 EulerOS Security Update for python-mako (EulerOS-SA-2023-1514)
673346 EulerOS Security Update for python-mako (EulerOS-SA-2024-1294)
752797 SUSE Enterprise Linux Security Update for python-Mako (SUSE-SU-2022:3979-1)
903782 Common Base Linux Mariner (CBL-Mariner) Security Update for python-mako (10893)
903826 Common Base Linux Mariner (CBL-Mariner) Security Update for python-mako (10892)
904118 Common Base Linux Mariner (CBL-Mariner) Security Update for python-mako (10892-1)
904318 Common Base Linux Mariner (CBL-Mariner) Security Update for python-mako (10893-1)
941007 AlmaLinux Security Update for python-mako (ALSA-2023:2258)
941083 AlmaLinux Security Update for python-mako (ALSA-2023:2893)