FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-pymatgen -- regular expression denial of service

Affected packages
py310-pymatgen <= 2022.9.21
py311-pymatgen <= 2022.9.21
py37-pymatgen <= 2022.9.21
py38-pymatgen <= 2022.9.21
py39-pymatgen <= 2022.9.21

Details

VuXML ID 951b513a-9f42-436d-888d-2162615d0fe4
Discovery 2022-11-10
Entry 2023-04-09

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package when an attacker is able to supply arbitrary input to the GaussianInput.from_string method.

References

CVE Name CVE-2022-42964
URL https://osv.dev/vulnerability/GHSA-5jqp-885w-xj32