Source: pymatgen
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for pymatgen.

CVE-2022-42964[0]:
| An exponential ReDoS (Regular Expression Denial of Service) can be
| triggered in the pymatgen PyPI package, when an attacker is able to
| supply arbitrary input to the GaussianInput.from_string method

https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/

This doesn't seem to have been reported upstream yet; can you please take
care of that?

If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-42964
    https://www.cve.org/CVERecord?id=CVE-2022-42964

Please adjust the affected versions in the BTS as needed.

