
CVE-2022-40023

Published: 7 September 2022

Sqlalchemy Mako before 1.2.2 is vulnerable to regular expression denial of service (ReDoS) when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: mako (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| bionic | Released (1.0.7+ds1-1ubuntu0.2) |
| focal | Released (1.1.0+ds1-1ubuntu2.1) |
| jammy | Released (1.1.3+ds1-2ubuntu0.1) |
| trusty | Ignored (out of standard support) |
| upstream | Released (1.2.2+ds1-1) |
| xenial | Released (1.0.3+ds1-1ubuntu1+esm1) |