CVE-2024-21503

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Mar 19, 2024

Updated: Jul 3, 2024

CWE ID 1333

CWE ID 75

Summary

CVE-2024-21503 is a vulnerability affecting versions of the Python package Black before 24.3.0. This issue involves a Regular Expression Denial of Service (ReDoS) risk in the lines_with_leading_tabs_expanded function located in the strings.py file. An attacker can trigger a denial of service by supplying malicious input to this function. The vulnerability is more significant when Black is run on untrusted user input or when docstrings contain extensive amounts of leading tab characters.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/u5s2zL
https://www.cve.org/CVERecord?id=CVE-2024-21503
https://nvd.nist.gov/vuln/detail/CVE-2024-21503

Back to Vulnerability Database

CVE-2024-21503

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations