CVE-2024-21503

Published: Mar 19, 2024

Modified: Aug 1, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.

Vendor	Product	Versions
n/a	black	affected `0 - < 24.3.0`

Weaknesses (CWE)

CWE-1333

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273

https://github.com/psf/black/releases/tag/24.3.0

https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-21503

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References