{"id":"PYSEC-2022-42969","details":"The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.","aliases":["CVE-2022-42969","GHSA-w596-4wvx-j9j6","PYSEC-2022-43183"],"modified":"2026-05-19T05:26:04.235599731Z","published":"2022-11-04T11:00:00Z","references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-w596-4wvx-j9j6"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42969"},{"type":"REPORT","url":"https://github.com/pytest-dev/py/issues/287"},{"type":"REPORT","url":"https://github.com/pytest-dev/py/issues/288"},{"type":"REPORT","url":"https://github.com/pytest-dev/pytest/issues/10392"}],"affected":[{"package":{"name":"py","ecosystem":"PyPI","purl":"pkg:pypi/py"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.11.0"}]}],"versions":["0.8.0-alpha2","0.9.0","0.9.1","0.9.2","1.0.0","1.0.1","1.0.2","1.1.0","1.1.1","1.2.0","1.2.1","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7.dev3","1.4.7","1.4.8","1.4.9","1.4.10","1.4.11","1.4.12","1.4.13","1.4.14","1.4.15","1.4.16","1.4.17","1.4.18","1.4.19","1.4.20","1.4.21","1.4.22","1.4.23","1.4.24","1.4.25","1.4.26","1.4.27","1.4.28","1.4.29","1.4.30","1.4.31","1.4.32.dev1","1.4.32","1.4.33","1.4.34","1.5.1","1.5.2","1.5.3","1.5.4","1.6.0","1.7.0","1.8.0","1.8.1","1.8.2","1.9.0","1.10.0","1.11.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/py/PYSEC-2022-42969.yaml"}}],"schema_version":"1.7.3"}