pylint@1.5.1 vulnerabilities

python code static checker

Direct Vulnerabilities

Known vulnerabilities in the pylint package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable version
  • Severity: M (medium)
Regular Expression Denial of Service (ReDoS)

pylint is a Python static code analysis tool which looks for programming errors, helps enforce a coding standard, sniffs for code smells and offers simple refactoring suggestions.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to issues in its pyreverse component. Certain regular expressions in pyreverse can be made to backtrack catastrophically, so that the tool takes a disproportionate amount of time to process an input. An attacker can supply specially crafted inputs that increase the processing time exponentially, potentially leaving the service inaccessible to legitimate users.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade pylint to version 2.6.1 or higher.

Vulnerable versions: [,2.6.1)
  • Severity: M (medium)
Regular Expression Denial of Service (ReDoS)


Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SPECIAL and PRIVATE attributes in pylint/pylint/pyreverse/utils.py. The ReDoS is mainly due to the pattern [^\W_]+\w*, and can be triggered with an input string such as "__" + "1"*5000 + "!".

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade pylint to version 2.7.0 or higher.

Vulnerable versions: [,2.7.0)
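To make the ambiguity in the advisory's pattern concrete, the following is an added example; it is not pylint's source and not part of the Snyk record. The anchored pattern ^__[^\W_]+\w*__$ is an assumption about how the [^\W_]+\w* fragment was used for SPECIAL (the real PRIVATE pattern is not on the page, so it is not reproduced). The rewrite ^__[^\W_]\w*__$ accepts exactly the same strings, because \w* already absorbs whatever the + would have repeated, but leaves the engine only one way to split a run of word characters, so a failing match costs linear rather than quadratic work.

```python
import re
import time

# Assumed shape of the vulnerable SPECIAL pattern (assumption, not pylint's exact source):
# [^\W_]+ and \w* overlap, so on a failing input the engine tries every split point.
AMBIGUOUS_SPECIAL = re.compile(r"^__[^\W_]+\w*__$")

# Unambiguous rewrite: one required alphanumeric, then any word characters.
# Same language as the pattern above, but only one way to match a given prefix.
SAFE_SPECIAL = re.compile(r"^__[^\W_]\w*__$")


def is_special(name: str, pattern: "re.Pattern[str]" = SAFE_SPECIAL) -> bool:
    """Return True when `name` is a dunder name such as __init__."""
    return pattern.match(name) is not None


def agree_on(names) -> bool:
    """Check that both patterns classify every name in `names` identically."""
    return all(
        is_special(n, AMBIGUOUS_SPECIAL) == is_special(n, SAFE_SPECIAL) for n in names
    )


def timed_match(pattern: "re.Pattern[str]", text: str):
    """Return (matched, seconds) for a single anchored match attempt."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def compare(n: int = 5000) -> dict:
    """Run both patterns on the advisory's adversarial shape '__' + '1'*n + '!'.

    Neither pattern matches (the trailing '!' is not '__'), but the ambiguous
    one backtracks through roughly n*n/2 split points before giving up.
    """
    adversarial = "__" + "1" * n + "!"  # constructed input, same shape as the advisory's
    return {
        "ambiguous": timed_match(AMBIGUOUS_SPECIAL, adversarial),
        "safe": timed_match(SAFE_SPECIAL, adversarial),
    }


if __name__ == "__main__":
    # Constructed sample names covering matching and non-matching cases.
    sample = ["__init__", "__a1_b__", "____", "_private", "__x!__", "__1__"]
    print("patterns agree on sample:", agree_on(sample))
    for label, (matched, seconds) in compare().items():
        print(f"{label:10s} matched={matched} time={seconds:.4f}s")
```

The practitioner's check is the `agree_on` call: an unambiguous rewrite is only a fix if it accepts and rejects the same names as the original, so verify equivalence on a corpus of identifiers before swapping the pattern.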
  • Severity: H (high)
Regular Expression Denial of Service (ReDoS)


Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A regular expression denial of service issue exists in pyreverse. The fix removes the ambiguities from the vulnerable regular expressions, making the repaired expressions safer and faster to match.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade pylint to version 2.6.1 or higher.

Vulnerable versions: [0,2.6.1)
  • Severity: M (medium)
Remote Code Execution


Affected versions of this package are vulnerable to Remote Code Execution. python -m pylint imports user code: it adds the current working directory as the first element of sys.path, which opens a security hole in which pylint imports user-level code whenever that code lives in a module with the same name as a stdlib module or one of pylint's own modules.

How to fix Remote Code Execution?

Upgrade pylint to version 2.5.0 or higher.

Vulnerable versions: [1.1.0,2.5.0)