CVE-2017-18361: Pylons Colander Denial of Service vulnerability
(updated )
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.
References
- github.com/Pylons/colander
- github.com/Pylons/colander/commit/98805557c10ab5ff3016ed09aa2d48c49b9df40b
- github.com/Pylons/colander/issues/290
- github.com/Pylons/colander/pull/323
- github.com/advisories/GHSA-rv95-4wxj-6fqq
- github.com/pypa/advisory-database/tree/main/vulns/colander/PYSEC-2019-167.yaml
- nvd.nist.gov/vuln/detail/CVE-2017-18361
Code Behaviors & Features
Detect and mitigate CVE-2017-18361 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →