A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.
[
{
"product": "Apache MXNet",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]