[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-40899":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":111,"duplicate_of":9,"upstream":114,"downstream":115,"duplicates":140,"related":141,"reserved_at":9,"published_at":148,"modified_at":149,"state":150,"summary":151,"references_raw":159,"kevs":214,"epss":215,"epss_history":218,"metrics":484,"affected":497},"CVE-2022-40899","An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.",null,[11,18],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],{"_key":19,"id":19,"name":20,"description":21,"type":22,"status":23,"abstraction":24,"likelihood_of_exploit":25,"capec":26},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[27,31,89],{"id":28,"name":29,"techniques":30},"CAPEC-147","XML Ping of the Death",[],{"id":32,"name":33,"techniques":34},"CAPEC-227","Sustained Client Engagement",[35],{"id":36,"name":37,"tactics":38,"countermeasures":42},"T1499","Endpoint Denial of Service",[39],{"id":40,"name":41},"TA0105","Impact",[43,48,52,56,60,64,68,72,76,80,85],{"id":44,"name":45,"tactic":46},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":47},"Detect",{"id":49,"name":50,"tactic":51},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":47},{"id":53,"name":54,"tactic":55},"D3-CSPP","Client-server Payload Profiling",{"name":47},{"id":57,"name":58,"tactic":59},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":47},{"id":61,"name":62,"tactic":63},"D3-NTSA","Network Traffic Signature Analysis",{"name":47},{"id":65,"name":66,"tactic":67},"D3-APCA","Application Protocol Command Analysis",{"name":47},{"id":69,"name":70,"tactic":71},"D3-NTCD","Network Traffic Community Deviation",{"name":47},{"id":73,"name":74,"tactic":75},"D3-RTSD","Remote Terminal Session Detection",{"name":47},{"id":77,"name":78,"tactic":79},"D3-ISVA","Inbound Session Volume Analysis",{"name":47},{"id":81,"name":82,"tactic":83},"D3-NTF","Network Traffic Filtering",{"name":84},"Isolate",{"id":86,"name":87,"tactic":88},"D3-ITF","Inbound Traffic Filtering",{"name":84},{"id":90,"name":91,"techniques":92},"CAPEC-492","Regular Expression Exponential Blowup",[],[94,103],{"_key":95,"name":96,"source":97,"url":98,"maturity":99,"reliability_score":100,"verified":101,"type":9,"platforms":102,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PYTHON_CPYTHON","Cpython","github","https://github.com/python/cpython/pull/16373","poc",0.3,false,[],{"_key":104,"name":105,"source":106,"url":107,"maturity":108,"reliability_score":109,"verified":101,"type":9,"platforms":110,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_342E62D735DDE719","Exploit Reference (pyup.io)","reference","https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/","unknown",0.2,[],[112,113],"GHSA-v3c5-jqr6-7qm8","PYSEC-2022-42991",[],[116,118,120,122,124,126,128,130,132,134,136,138],{"_key":117},"SUSE-SU-2023:0076-1",{"_key":119},"SUSE-SU-2023:0078-1",{"_key":121},"SUSE-SU-2023:0080-1",{"_key":123},"SUSE-SU-2023:0663-1",{"_key":125},"UBUNTU-CVE-2022-40899",{"_key":127},"SUSE-SU-2023:0079-1",{"_key":129},"RHSA-2023:4466",{"_key":131},"RHSA-2023:2101",{"_key":133},"MGASA-2023-0030",{"_key":135},"DEBIAN-CVE-2022-40899",{"_key":137},"USN-5833-1",{"_key":139},"RHSA-2023:6818",[],[142,143,144,145,146,147],{"_key":117},{"_key":119},{"_key":121},{"_key":123},{"_key":127},{"_key":133},"2022-12-22T00:00:00.000Z","2025-04-15T15:52:06.467Z","Modified",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":152,"epss_score":153,"severity":154,"severity_score":155,"severity_version":156,"severity_source":157,"severity_vector":158,"severity_status":150},"low",0.00427,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[160,169,174,180,185,190,194,198,202,206,210],{"url":161,"sources":162,"tags":165},"https://pypi.org/project/future/",[157,163,164],"nvd","osv_pypi",[166,167,168],"Product","Third Party Advisory","PACKAGE",{"url":170,"sources":171,"tags":172},"https://github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215",[157,163,164],[167,173],"WEB",{"url":175,"sources":176,"tags":177},"https://github.com/python/cpython/pull/17157",[157,163,164],[178,179,167,173],"Exploit","Patch",{"url":107,"sources":181,"tags":182},[157,163,164],[178,183,184],"Vendor Advisory","Advisory",{"url":186,"sources":187,"tags":188},"https://github.com/PythonCharmers/python-future/pull/610",[157,163,164],[189,179,167,173],"Issue Tracking",{"url":191,"sources":192,"tags":193},"https://nvd.nist.gov/vuln/detail/CVE-2022-40899",[164],[184],{"url":195,"sources":196,"tags":197},"https://github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76f",[164],[173],{"url":199,"sources":200,"tags":201},"https://github.com/PythonCharmers/python-future",[164],[168],{"url":203,"sources":204,"tags":205},"https://github.com/pypa/advisory-database/tree/main/vulns/future/PYSEC-2022-42991.yaml",[164],[173],{"url":207,"sources":208,"tags":209},"https://pypi.org/project/future",[164],[173],{"url":211,"sources":212,"tags":213},"https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages",[164],[173],[],{"date":216,"score":153,"percentile":217},"2026-06-04",0.62747,[219,223,226,229,232,235,238,241,244,246,249,252,255,258,261,265,268,271,274,277,280,282,285,288,291,294,296,299,302,305,308,311,314,317,320,323,326,329,332,335,338,340,343,346,349,352,355,358,361,364,367,370,373,375,378,380,382,385,388,391,394,396,399,402,405,408,411,415,418,421,424,428,431,434,437,440,443,446,449,451,454,457,460,463,466,470,473,476,478,481],{"date":220,"score":221,"percentile":222},"2025-11-04",0.00747,0.72277,{"date":224,"score":221,"percentile":225},"2025-11-05",0.7226,{"date":227,"score":221,"percentile":228},"2025-11-06",0.72258,{"date":230,"score":221,"percentile":231},"2025-11-07",0.72273,{"date":233,"score":221,"percentile":234},"2025-11-08",0.72271,{"date":236,"score":221,"percentile":237},"2025-11-09",0.72264,{"date":239,"score":221,"percentile":240},"2025-11-10",0.72254,{"date":242,"score":221,"percentile":243},"2025-11-11",0.72259,{"date":245,"score":221,"percentile":222},"2025-11-12",{"date":247,"score":221,"percentile":248},"2025-11-13",0.72285,{"date":250,"score":221,"percentile":251},"2025-11-14",0.72292,{"date":253,"score":221,"percentile":254},"2025-11-15",0.72291,{"date":256,"score":221,"percentile":257},"2025-11-16",0.72287,{"date":259,"score":221,"percentile":260},"2025-11-17",0.72283,{"date":262,"score":263,"percentile":264},"2025-11-18",0.0208,0.82565,{"date":266,"score":263,"percentile":267},"2025-11-19",0.82566,{"date":269,"score":263,"percentile":270},"2025-11-20",0.82569,{"date":272,"score":221,"percentile":273},"2025-11-21",0.72305,{"date":275,"score":221,"percentile":276},"2025-11-22",0.72297,{"date":278,"score":221,"percentile":279},"2025-11-23",0.72281,{"date":281,"score":221,"percentile":234},"2025-11-24",{"date":283,"score":221,"percentile":284},"2025-11-25",0.72272,{"date":286,"score":221,"percentile":287},"2025-11-26",0.72278,{"date":289,"score":221,"percentile":290},"2025-11-27",0.72279,{"date":292,"score":221,"percentile":293},"2025-11-28",0.7227,{"date":295,"score":221,"percentile":243},"2025-11-29",{"date":297,"score":221,"percentile":298},"2025-11-30",0.72255,{"date":300,"score":221,"percentile":301},"2025-12-01",0.72382,{"date":303,"score":221,"percentile":304},"2025-12-02",0.72394,{"date":306,"score":221,"percentile":307},"2025-12-03",0.72393,{"date":309,"score":221,"percentile":310},"2025-12-04",0.72265,{"date":312,"score":221,"percentile":313},"2025-12-05",0.72274,{"date":315,"score":221,"percentile":316},"2025-12-06",0.72276,{"date":318,"score":221,"percentile":319},"2025-12-07",0.72282,{"date":321,"score":221,"percentile":322},"2025-12-08",0.72284,{"date":324,"score":221,"percentile":325},"2025-12-09",0.72315,{"date":327,"score":221,"percentile":328},"2025-12-10",0.72349,{"date":330,"score":221,"percentile":331},"2025-12-11",0.72367,{"date":333,"score":221,"percentile":334},"2025-12-12",0.72389,{"date":336,"score":221,"percentile":337},"2025-12-13",0.72402,{"date":339,"score":221,"percentile":337},"2025-12-14",{"date":341,"score":221,"percentile":342},"2025-12-15",0.72404,{"date":344,"score":221,"percentile":345},"2025-12-16",0.72421,{"date":347,"score":221,"percentile":348},"2025-12-17",0.72437,{"date":350,"score":221,"percentile":351},"2025-12-18",0.72462,{"date":353,"score":221,"percentile":354},"2025-12-19",0.7249,{"date":356,"score":221,"percentile":357},"2025-12-20",0.72491,{"date":359,"score":221,"percentile":360},"2025-12-21",0.72485,{"date":362,"score":221,"percentile":363},"2025-12-22",0.72482,{"date":365,"score":221,"percentile":366},"2025-12-23",0.72476,{"date":368,"score":221,"percentile":369},"2025-12-24",0.72486,{"date":371,"score":221,"percentile":372},"2025-12-25",0.72511,{"date":374,"score":221,"percentile":372},"2025-12-26",{"date":376,"score":221,"percentile":377},"2025-12-27",0.72536,{"date":379,"score":221,"percentile":369},"2025-12-28",{"date":381,"score":221,"percentile":363},"2025-12-29",{"date":383,"score":221,"percentile":384},"2025-12-30",0.72497,{"date":386,"score":221,"percentile":387},"2025-12-31",0.72526,{"date":389,"score":221,"percentile":390},"2026-01-01",0.72671,{"date":392,"score":221,"percentile":393},"2026-01-02",0.72667,{"date":395,"score":221,"percentile":393},"2026-01-03",{"date":397,"score":221,"percentile":398},"2026-01-04",0.7253,{"date":400,"score":221,"percentile":401},"2026-01-05",0.72524,{"date":403,"score":221,"percentile":404},"2026-01-06",0.72538,{"date":406,"score":221,"percentile":407},"2026-01-07",0.72551,{"date":409,"score":221,"percentile":410},"2026-01-08",0.72565,{"date":412,"score":413,"percentile":414},"2026-01-09",0.00867,0.74658,{"date":416,"score":413,"percentile":417},"2026-01-10",0.74657,{"date":419,"score":413,"percentile":420},"2026-01-11",0.74645,{"date":422,"score":413,"percentile":423},"2026-01-12",0.74632,{"date":425,"score":426,"percentile":427},"2026-01-13",0.00651,0.70266,{"date":429,"score":426,"percentile":430},"2026-01-14",0.70293,{"date":432,"score":426,"percentile":433},"2026-01-15",0.70299,{"date":435,"score":426,"percentile":436},"2026-01-16",0.70316,{"date":438,"score":426,"percentile":439},"2026-01-17",0.7031,{"date":441,"score":426,"percentile":442},"2026-01-18",0.70288,{"date":444,"score":426,"percentile":445},"2026-01-19",0.70281,{"date":447,"score":426,"percentile":448},"2026-01-20",0.70289,{"date":450,"score":426,"percentile":430},"2026-01-21",{"date":452,"score":426,"percentile":453},"2026-01-22",0.70306,{"date":455,"score":426,"percentile":456},"2026-01-23",0.70336,{"date":458,"score":426,"percentile":459},"2026-01-24",0.70342,{"date":461,"score":426,"percentile":462},"2026-01-25",0.70313,{"date":464,"score":426,"percentile":465},"2026-01-26",0.70308,{"date":467,"score":468,"percentile":469},"2026-01-27",0.00377,0.58683,{"date":471,"score":468,"percentile":472},"2026-01-28",0.58693,{"date":474,"score":468,"percentile":475},"2026-01-29",0.58694,{"date":477,"score":468,"percentile":475},"2026-01-30",{"date":479,"score":468,"percentile":480},"2026-01-31",0.58697,{"date":482,"score":468,"percentile":483},"2026-02-01",0.58837,[485,490,492],{"source":157,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":486,"cvss_v4_0":9},{"baseScore":155,"baseSeverity":487,"vectorString":158,"impactScore":488,"exploitabilityScore":489},"HIGH",6,10,{"source":163,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":491,"cvss_v4_0":9},{"baseScore":155,"baseSeverity":487,"vectorString":158,"impactScore":488,"exploitabilityScore":489},{"source":164,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":493,"cvss_v4_0":494},{"baseScore":155,"baseSeverity":9,"vectorString":158,"impactScore":488,"exploitabilityScore":489},{"baseScore":495,"baseSeverity":9,"vectorString":496,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[498,509],{"ecosystem":499,"name":500,"vendor":499,"product":500,"cpe_part":9,"purl_type":501,"purl_namespace":9,"purl_name":500,"source":9,"versions":502},"PyPI","future","pypi",[503],{"version":504,"is_range":505,"range_type":506,"version_start":9,"version_start_type":9,"version_end":507,"version_end_type":508,"fixed_in":9},"lt0_18_3",true,"ecosystem","0.18.3","excluding",{"ecosystem":9,"name":510,"vendor":511,"product":510,"cpe_part":512,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":513},"python-future","pythoncharmers","a",[514],{"version":515,"is_range":505,"range_type":516,"version_start":9,"version_start_type":9,"version_end":517,"version_end_type":518,"fixed_in":9},"lte0.18.2","cpe","0.18.2","including"]