pylint@2.6.0 vulnerabilities

pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users.

Upgrade pylint to version 2.6.1 or higher.

pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SPECIAL and PRIVATE attributes in pylint/pylint/pyreverse/utils.py. The ReDoS is mainly due to the pattern [^\W_]+\w*, and can be exploited with an input string such as "__"+"1"*5000 + "!".

Upgrade pylint to version 2.7.0 or higher.

pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A regular expression denial of service issue exists in pyreverse. The ambiguities of vulnerable regular expressions are removed, making the repaired regular expressions safer and faster matching.

Upgrade pylint to version 2.6.1 or higher.