pylint@1.9.3 vulnerabilities

python code static checker

latest version

3.3.1
latest non vulnerable version

3.3.1
first published

16 years ago
latest version published

a month ago
licenses detected
- GPL-2.0
  [0.20.0,)
View pylint package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pylint package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to issues in its `pyreverse` component. This issue arises from certain regular expressions in `pyreverse` that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `pylint` to version 2.6.1 or higher.	[,2.6.1)
M Regular Expression Denial of Service (ReDoS) pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `SPECIAL` and `PRIVATE` attributes in `pylint/pylint/pyreverse/utils.py`. The ReDoS is mainly due to the pattern `[^\W_]+\w`, and can be exploited with an input string such as `"__"+"1"5000 + "!"`. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `pylint` to version 2.7.0 or higher.	[,2.7.0)
H Regular Expression Denial of Service (ReDoS) pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A regular expression denial of service issue exists in `pyreverse`. The ambiguities of vulnerable regular expressions are removed, making the repaired regular expressions safer and faster matching. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `pylint` to version 2.6.1 or higher.	[0,2.6.1)
M Remote Code Execution pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions. Affected versions of this package are vulnerable to Remote Code Execution. `python -m pylint` imports user code. It adds the current working directory as the first element of `sys.path` this opens up a security hole where `pylint` imports user level code as long as that code resides in modules with the same name as `stdlib` or `pylint`'s own modules. How to fix Remote Code Execution? Upgrade `pylint` to version 2.5.0 or higher.	[1.1.0,2.5.0)

Go back to all versions of this package

pylint@1.9.3 vulnerabilities

python code static checker

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities