Security Advisory

CVE-2024-21503

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-19 05:00:01
Last updated 2024-08-01 22:20:40
Assigner snyk
State PUBLISHED

Description

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.