An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package when an attacker is able to supply arbitrary input to the Table.set_rows method. https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/
Created python-cleo tracking bugs for this issue: Affects: fedora-35 [bug 2142925]
Created python-cleo tracking bugs for this issue: Affects: fedora-36 [bug 2142926] Affects: fedora-37 [bug 2142927]
To me, a DoS opportunity in a CLI tool doesn't sound like a big problem. Why is this Medium?
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.