FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-13 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
83b29e3f-886f-439f-b9a8-72e014479ff9	py-dparse -- REDoS vulnerability yeisonvargasf reports: dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. Discovery 2022-10-06 Entry 2023-08-31 py37-dparse py38-dparse py39-dparse py310-dparse py311-dparse < 0.5.2 CVE-2022-39280 https://osv.dev/vulnerability/PYSEC-2022-301 https://osv.dev/vulnerability/GHSA-8fg9-p83m-x5pq

VuXML ID

Description

83b29e3f-886f-439f-b9a8-72e014479ff9

py-dparse -- REDoS vulnerability

yeisonvargasf reports:

dparse is a parser for Python dependency files.

dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service.

All the users parsing index server URLs with dparse are impacted by this vulnerability.

Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.

Discovery 2022-10-06
Entry 2023-08-31
py37-dparse
py38-dparse
py39-dparse
py310-dparse
py311-dparse

< 0.5.2

CVE-2022-39280
https://osv.dev/vulnerability/PYSEC-2022-301
https://osv.dev/vulnerability/GHSA-8fg9-p83m-x5pq