CVE-2020-29651

Aliases:GHSA-hj5v-574p-mj7cPYSEC-2020-92
Advisory lineage Upstream: 0 Downstream: 15
Modified
Published: 09 Dec 2020, 06:58
Last modified:03 Nov 2025, 21:44

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
0.78% LOW
1% probability -0.07%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Dec 2020, 06:58
Published
Vulnerability first disclosed
03 Nov 2025, 21:44
Last Modified
Vulnerability information updated

Description

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

CVSS Metrics

  • v4.0HIGHScore: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.78% Percentile: 74%

Affected Systems

  • fedoraprojectfedora

    32 | 33

  • oraclezfs_storage_appliance_kit

    8.8

  • PyPIpy

    < 1.10.0

  • pytestpy

    ≤ 1.9.0

References (17)