Moderate severity · NVD Advisory · Published Aug 22, 2022 · Updated Aug 3, 2024
ReDoS in eth-account encode_structured_data function
CVE-2022-1930
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package when an attacker is able to supply arbitrary input to the encode_structured_data method.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| eth-account (PyPI) | < 0.5.9 | 0.5.9 |
Affected products
- eth-account/eth-account · v5 · Range: 0
References
- github.com/advisories/GHSA-v65g-f3cj-fjp4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-1930 (ghsa, ADVISORY)
- github.com/ethereum/eth-account/commit/70f89be700df0d5f08ef696252c88741f8414060 (ghsa, WEB)
- research.jfrog.com/vulnerabilities/eth-account-redos-xray-248681 (ghsa, WEB)
- research.jfrog.com/vulnerabilities/eth-account-redos-xray-248681/ (mitre, x_refsource_MISC)