[New-bugs-announce] [issue46474] Inefficient regular expression complexity in EntryPoint.pattern
Jason R. Coombs
report at bugs.python.org
Sat Jan 22 14:18:51 EST 2022
New submission from Jason R. Coombs <jaraco at jaraco.com>:
Originally reported to the Python Security Response Team, the EntryPoint.pattern demonstrates a potential [ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_).
The issue has been patched and fix released with importlib_metadata 4.10.1. Let's get that fix incorporated into Python as well.
components: Library (Lib)
title: Inefficient regular expression complexity in EntryPoint.pattern
versions: Python 3.10, Python 3.11, Python 3.8, Python 3.9
Python tracker <report at bugs.python.org>
More information about the New-bugs-announce