Regular Expression Denial of Service in Sqlalchemy Mako Lexer Class

CVE-2022-40023 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Sqlalchemy mako before 1.2.2 is vulnerable to Regular Expression Denial of Service (ReDoS) when the Lexer class is used for parsing. This also affects babelplugin and linguaplugin.
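A dependency check for the affected range, added here as an example (not code from the Mako project or from this advisory): it flags exact Mako pins older than 1.2.2 in a requirements file and reports the installed version. The sample file, the function names and the verdict labels are constructed for illustration.

```python
"""Flag Mako pins older than 1.2.2, the fixed release named in the advisory."""
import re
from importlib import metadata

FIXED = (1, 2, 2)  # from the advisory text: "mako before 1.2.2"
_VER = re.compile(r"^v?(\d+(?:\.\d+)*)(.*)$")
_PRE = re.compile(r"^[._-]?(?:a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.I)
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

SAMPLE = """\
# constructed requirements file for illustration
SQLAlchemy==1.4.40
Mako==1.1.6          # exact pin, older than the fix
mako[babel]==1.2.2
Mako>=1.0
"""

def verdict(version):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    m = _VER.match(version.strip())
    if not m:
        return "unknown"
    release = [int(p) for p in m.group(1).split(".")]
    while release and release[-1] == 0:   # 1.2.0 and 1.2 compare equal
        release.pop()
    release = tuple(release)
    pre = bool(_PRE.match(m.group(2)))    # 1.2.2rc1 sorts before 1.2.2
    return "affected" if release < FIXED or (release == FIXED and pre) else "fixed"

def scan_requirements(text):
    """Return (line_no, requirement, verdict) for every Mako line in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = _REQ.match(line)
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "mako":
            continue
        spec = m.group(2).strip()
        # Only exact pins can be judged; ranges and wildcards resolve at install time.
        exact = spec.startswith("==") and "*" not in spec
        findings.append((no, line.strip(), verdict(spec.lstrip("=")) if exact else "unknown"))
    return findings

if __name__ == "__main__":
    for no, req, v in scan_requirements(SAMPLE):
        print(f"line {no}: {v:8} {req}")
    try:
        print("installed:", verdict(metadata.version("Mako")))
    except metadata.PackageNotFoundError:
        print("installed: Mako not present in this environment")
```

An "unknown" result means the line does not pin an exact version, so the resolved version has to be checked in the lock file or the installed environment.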
