Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-03-19T05:00:01.474Z

Updated: 2024-08-01T22:20:40.916Z

Reserved: 2023-12-22T12:33:20.119Z

Link: CVE-2024-21503

cve-icon Vulnrichment

Updated: 2024-06-20T21:12:06.671Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-19T05:15:09.447

Modified: 2024-11-21T08:54:34.260

Link: CVE-2024-21503

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-19T00:00:00Z

Links: CVE-2024-21503 - Bugzilla