An update for python-mako is now available for openEuler-20.03-LTS-SP3

Document type: Security Advisory
Publisher: openEuler security committee (openeuler-security@openeuler.org)
Advisory ID: openEuler-SA-2023-1683
Status: Final
Version: 1.0
Revision history: 1.0, 2023-09-28, Initial
Initial release date: 2023-09-28
Current release date: 2023-09-28
Generator: openEuler SA Tool V1.0, 2023-09-28

Synopsis: python-mako security update

Description:
Python-mako is a template library for Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Mako's syntax and API borrow from the best ideas of many others, including Django templates, Cheetah, Myghty, and Genshi.

Security Fix(es):
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. (CVE-2022-40023)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: High
Affected component: python-mako

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1683
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40023
https://nvd.nist.gov/vuln/detail/CVE-2022-40023

Product: openEuler-20.03-LTS-SP3

Packages:
python3-mako-1.0.6-14.oe1.noarch.rpm
python-mako-help-1.0.6-14.oe1.noarch.rpm
python2-mako-1.0.6-14.oe1.noarch.rpm
python-mako-1.0.6-14.oe1.src.rpm

Vulnerability details:
CVE: CVE-2022-40023
Release date: 2023-09-28
Product: openEuler-20.03-LTS-SP3
Threat (impact): High
CVSS base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remediation: python-mako security update, 2023-09-28