There is 1 open security issue in bookworm.
1 issue left for the package maintainer to handle:
- CVE-2023-26112:
(needs triaging)
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\).
**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
You can find information about how to handle this issue in the security team's documentation.