Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
- https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273
- https://github.com/NaInSec/CVE-LIST
- https://github.com/dreammusic2011/selenium-python-framework
- https://github.com/fkie-cad/nvd-json-data-feeds