Bug 2128977 (CVE-2022-40023) - CVE-2022-40023 mako: REDoS in Lexer class
Summary: CVE-2022-40023 mako: REDoS in Lexer class
Status: NEW
Alias: CVE-2022-40023
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2128978 2128979 2128981 2129690 2129691 2129692 2133604 2133606 2129693 2129694 2129695 2129696 2133605
Blocks: 2125131
TreeView+ depends on / blocked
Reported: 2022-09-22 07:42 UTC by Avinash Hanwate
Modified: 2023-01-04 11:29 UTC (History)
30 users (show)

Fixed In Version: mako 1.2.2
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the mako package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Comment 1 Avinash Hanwate 2022-09-22 07:48:24 UTC
Created python-pecan tracking bugs for this issue:

Affects: epel-all [bug 2128979]
Affects: fedora-all [bug 2128978]

Comment 2 Avinash Hanwate 2022-09-22 07:50:05 UTC
Created python-pecan tracking bugs for this issue:

Affects: openstack-rdo [bug 2128981]

Comment 4 Timothée Floure 2022-09-24 15:07:46 UTC
This package is a wayland notification daemon, not the python templating library: this bug is in the wrong place.

Comment 5 Timothée Floure 2022-09-24 15:11:33 UTC
You want the python-mako [1] package - adding its maintainer to the CC list.

[1] https://src.fedoraproject.org/rpms/python-mako

Note You need to log in before you can comment on or make changes to this bug.