configobj is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficent regex complexity via the validate function, which can lead to a Denial of Service if an attacker is able to control the input being parsed.
github.com/DiffSK/configobj/blob/v5.0.8/src/configobj/validate.py#L660
github.com/DiffSK/configobj/issues/232
lists.fedoraproject.org/archives/list/[email protected]/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/
lists.fedoraproject.org/archives/list/[email protected]/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/
lists.fedoraproject.org/archives/list/[email protected]/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/