Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01anFwLTg4NXcteGozMs4AAvzx
pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01anFwLTg4NXcteGozMs4AAvzx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 8 months ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-5jqp-885w-xj32, CVE-2022-42964
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-42964
- https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
- https://github.com/materialsproject/pymatgen/issues/2755
- https://github.com/advisories/GHSA-5jqp-885w-xj32
Blast Radius: 15.7
Affected Packages
pypi:pymatgen
Dependent packages: 164Dependent repositories: 458
Downloads: 526,271 last month
Affected Version Ranges: <= 2022.9.21
No known fixed version
All affected versions: 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.8, 1.2.9, 1.5.0, 1.6.0, 1.7.0, 1.7.2, 1.8.0, 1.8.2, 1.8.3, 1.9.0, 2.0.0, 2.1.0, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.6, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.7.0, 2.7.1, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.9.11, 2.9.12, 2.9.13, 2.9.14, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 2017.6.8, 2017.6.22, 2017.6.24, 2017.7.4, 2017.7.21, 2017.8.4, 2017.8.14, 2017.8.16, 2017.8.20, 2017.8.21, 2017.9.1, 2017.9.3, 2017.9.23, 2017.10.16, 2017.11.6, 2017.11.9, 2017.11.27, 2017.11.30, 2017.12.6, 2017.12.8, 2017.12.15, 2017.12.16, 2017.12.30, 2018.1.19, 2018.1.29, 2018.2.13, 2018.3.2, 2018.3.13, 2018.3.14, 2018.3.23, 2018.4.6, 2018.4.20, 2018.5.3, 2018.5.14, 2018.5.21, 2018.5.22, 2018.6.11, 2018.6.27, 2018.7.15, 2018.7.23, 2018.8.7, 2018.8.10, 2018.9.1, 2018.9.12, 2018.9.19, 2018.9.30, 2018.10.18, 2018.11.6, 2018.11.30, 2018.12.12, 2019.1.13, 2019.1.24, 2019.2.4, 2019.2.24, 2019.2.28, 2019.3.13, 2019.3.27, 2019.4.11, 2019.5.1, 2019.5.8, 2019.5.28, 2019.6.5, 2019.6.20, 2019.7.2, 2019.7.21, 2019.7.30, 2019.8.14, 2019.8.23, 2019.9.7, 2019.9.8, 2019.9.12, 2019.9.16, 2019.10.2, 2019.10.3, 2019.10.4, 2019.10.16, 2019.11.11, 2019.12.3, 2019.12.22, 2020.1.10, 2020.1.28, 2020.3.2, 2020.3.13, 2020.4.2, 2020.4.29, 2020.6.8, 2020.7.3, 2020.7.10, 2020.7.14, 2020.7.16, 2020.7.18, 2020.8.3, 2020.8.13, 2020.9.14, 2020.10.9, 2020.10.20, 2020.11.11, 2020.12.3, 2020.12.18, 2020.12.31, 2021.2.8, 2021.2.13, 2021.2.14, 2021.2.16, 2021.3.3, 2021.3.4, 2021.3.5, 2021.3.9, 2022.0.0, 2022.0.1, 2022.0.2, 2022.0.3, 2022.0.4, 2022.0.5, 2022.0.6, 2022.0.7, 2022.0.8, 2022.0.9, 2022.0.10, 2022.0.11, 2022.0.12, 2022.0.13, 2022.0.14, 2022.0.15, 2022.0.16, 2022.0.17, 2022.1.8, 2022.1.9, 2022.1.20, 2022.1.24, 2022.2.1, 2022.2.7, 2022.2.10, 2022.3.7, 2022.3.22, 2022.3.24, 2022.3.29, 2022.4.19, 2022.4.26, 2022.5.17, 2022.5.18, 2022.5.19, 2022.5.26, 2022.7.8, 2022.7.19, 2022.7.24, 2022.7.25, 2022.8.23, 2022.9.8, 2022.9.21