Headline
GHSA-fj7x-q9j7-g6q6: Black vulnerable to Regular Expression Denial of Service (ReDoS)
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.
Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate severity GitHub Reviewed Published Mar 19, 2024 to the GitHub Advisory Database • Updated Mar 20, 2024
Related news
Red Hat Security Advisory 2024-3781-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include HTTP request smuggling, buffer overflow, code execution, cross site scripting, denial of service, memory exhaustion, null pointer, and password leak vulnerabilities.