Description

SQLAlchemy Mako before 1.2.2 is vulnerable to Regular Expression Denial of Service (ReDoS) when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

PUBLISHED Reserved 2022-09-06 | Published 2022-09-07 | Updated 2025-12-03 | Assigner mitre

References

github.com/sqlalchemy/mako/issues/366

github.com/...ommit/925760291d6efec64fda6e9dd1fd9cfbd5be068c

github.com/...67d1b9770ab8cce6a9c736d547/mako/ext/extract.py

pyup.io/vulnerabilities/CVE-2022-40023/50870/

lists.debian.org/debian-lts-announce/2022/09/msg00026.html ([debian-lts-announce] 20220921 [SECURITY] [DLA 3116-1] mako security update) mailing-list

pyup.io/...ers-redos-vulnerabilities-in-top-python-packages/

lists.debian.org/debian-lts-announce/2025/12/msg00004.html

cve.org (CVE-2022-40023)

nvd.nist.gov (CVE-2022-40023)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.