Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2024-21503
HistoryMar 19, 2024 - 7:51 a.m.

CVE-2024-21503

2024-03-1907:51:01
redhat.com
access.redhat.com
15
python-black
regular expression denial of service
vulnerability
lines_with_leading_tabs_expanded() function

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0

Percentile

15.5%

JSON

The python-black package is susceptible to a regular expression denial of service (ReDoS) vulnerability, found in the lines_with_leading_tabs_expanded() function within the strings.py file. This vulnerability could be exploited by running Black on untrusted input or by inserting numerous leading tab characters into docstrings. This flaw allows attackers to craft malicious input to trigger a denial of service.

Related

nvd 1
osv 4
cvelist 1
cve 1
ubuntucve 1
alpinelinux 1
vulnrichment 1
debiancve 1
github 1
nessus 2
ibm 3
redhat 1
nvd
nvd
CVE-2024-21503
2024-03-19 05:15:09
osv
osv
CVE-2024-21503
2024-03-19 05:15:09
Security update for python-black
2024-07-15 09:30:04
PYSEC-2024-48
2024-03-19 05:15:00
cvelist
cvelist
CVE-2024-21503
2024-03-19 05:00:01
cve
cve
CVE-2024-21503
2024-03-19 05:15:09
ubuntucve
ubuntucve
CVE-2024-21503
2024-03-19 00:00:00
alpinelinux
alpinelinux
CVE-2024-21503
2024-03-19 05:15:09
vulnrichment
vulnrichment
CVE-2024-21503
2024-03-19 05:00:01
debiancve
debiancve
CVE-2024-21503
2024-03-19 05:15:09
github
github
Black vulnerable to Regular Expression Denial of Service (ReDoS)
2024-03-19 06:30:52
nessus
nessus
openSUSE 15 Security Update : python-black (SUSE-SU-2024:2481-1)
2024-07-16 00:00:00
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:3781)
2024-06-10 00:00:00
ibm
ibm
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
2024-05-03 10:32:27
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities
2024-05-21 09:37:09
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-06-26 16:06:34
redhat
redhat
(RHSA-2024:3781) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
2024-06-10 18:26:47

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0

Percentile

15.5%

JSON
Related for RH:CVE-2024-21503
nvd1osv4cvelist1cve1ubuntucve1alpinelinux1vulnrichment1debiancve1github1nessus2ibm3redhat1