GHSA-2p9h-ccw7-33gfMediumCVSS 5.9

cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

Published
November 10, 2022
Last Modified
July 2, 2026

🔗 CVE IDs covered (1)

📋 Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.

🎯 Affected products1

  • pip/cleo:>= 1.0.0a1, < 2.0.0

🔗 References (7)