Skip to main content

Inefficient Regular Expression Complexity


Severity High
Score 7.5/10


An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package in versions prior to 1.0.0 when an attacker is able to supply arbitrary input to the 'Table.set_rows' method .

  • LOW
  • NONE
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Advisory Timeline

  • Published