Search for vulnerabilities
Vulnerability details: VCID-52y5-z9fq-aaan
Vulnerability ID VCID-52y5-z9fq-aaan
Aliases CVE-2022-42969
GHSA-w596-4wvx-j9j6
PYSEC-2022-42969
Summary ReDoS in py library when used with subversion
Status Disputed
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42969.json
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00552 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.00668 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.01252 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.01252 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.01252 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
epss 0.01612 https://api.first.org/data/v1/epss?cve=CVE-2022-42969
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-w596-4wvx-j9j6
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-w596-4wvx-j9j6
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/py/PYSEC-2022-42969.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/py/PYSEC-2022-42969.yaml
cvssv3.1 7.5 https://github.com/pytest-dev/py
generic_textual HIGH https://github.com/pytest-dev/py
cvssv3.1 5.3 https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
cvssv3.1 7.5 https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
generic_textual HIGH https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
ssvc Track https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
cvssv3.1 5.3 https://github.com/pytest-dev/py/issues/287
cvssv3.1 7.5 https://github.com/pytest-dev/py/issues/287
generic_textual HIGH https://github.com/pytest-dev/py/issues/287
ssvc Track https://github.com/pytest-dev/py/issues/287
cvssv3.1 7.5 https://github.com/pytest-dev/py/issues/288
generic_textual HIGH https://github.com/pytest-dev/py/issues/288
cvssv3.1 7.5 https://github.com/pytest-dev/pytest/issues/10392
generic_textual HIGH https://github.com/pytest-dev/pytest/issues/10392
cvssv3.1 5.3 https://news.ycombinator.com/item?id=34163710
cvssv3.1 7.5 https://news.ycombinator.com/item?id=34163710
generic_textual HIGH https://news.ycombinator.com/item?id=34163710
ssvc Track https://news.ycombinator.com/item?id=34163710
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42969
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42969
cvssv3.1 5.3 https://pypi.org/project/py
cvssv3.1 7.5 https://pypi.org/project/py
generic_textual HIGH https://pypi.org/project/py
ssvc Track https://pypi.org/project/py
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42969.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/py/PYSEC-2022-42969.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pytest-dev/py
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N Found at https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:15:37Z/ Found at https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
Vector: CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N Found at https://github.com/pytest-dev/py/issues/287
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pytest-dev/py/issues/287
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:15:37Z/ Found at https://github.com/pytest-dev/py/issues/287
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pytest-dev/py/issues/288
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pytest-dev/pytest/issues/10392
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N Found at https://news.ycombinator.com/item?id=34163710
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://news.ycombinator.com/item?id=34163710
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:15:37Z/ Found at https://news.ycombinator.com/item?id=34163710
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-42969
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-42969
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N Found at https://pypi.org/project/py
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://pypi.org/project/py
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:15:37Z/ Found at https://pypi.org/project/py
Exploit Prediction Scoring System (EPSS)
Percentile 0.26987
EPSS Score 0.00114
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-09-22T05:13:32.682739+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2022-42969 34.0.1