Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.
Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-03-19T05:00:01.474Z
Updated: 2024-08-01T22:20:40.916Z
Reserved: 2023-12-22T12:33:20.119Z
Link: CVE-2024-21503
Vulnrichment
Updated: 2024-06-20T21:12:06.671Z
NVD
Status : Awaiting Analysis
Published: 2024-03-19T05:15:09.447
Modified: 2024-11-21T08:54:34.260
Link: CVE-2024-21503
Redhat