UBUNTU-CVE-2024-21503
- Source
- https://ubuntu.com/security/CVE-2024-21503
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-21503.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-21503
- Related
- Published
- 2024-03-19T05:15:00Z
- Modified
- 2024-10-15T14:12:50Z
- Summary
- [none]
- Details
-
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lineswithleadingtabsexpanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
- References
Affected packages
Ubuntu:20.04:LTS / black
Package
- Name
- black
- Purl
- pkg:deb/ubuntu/black?arch=src?distro=focal
Ubuntu:22.04:LTS / black
Package
- Name
- black
- Purl
- pkg:deb/ubuntu/black?arch=src?distro=jammy
Ubuntu:24.10 / black
Package
- Name
- black
- Purl
- pkg:deb/ubuntu/black?arch=src?distro=oracular