VDB

DEBIAN-CVE-2024-21503

DEBIAN-CVE-2024-21503 PUBLISHED CVSS 5.300000190734863 MEDIUM

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Debian:11black22.6.0-1, 21.10b0-1, 21.12b0-1
Debian:12black24.4.0-1, 23.11.0-1, 24.2.0-1
Debian:13black0, 0, 0
Debian:14black0, 0, 0

Exploit Intelligence

Timeline

  • Mar 19, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›