CVE-2024-3772

Опубликовано: 15 апр. 2024

Источник: debian

EPSS Низкий

Описание

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

Пакет	Статус	Версия исправления	Релиз	Тип
pydantic	fixed	1.10.13-0.1		package
pydantic	no-dsa		bookworm	package
pydantic	no-dsa		bullseye	package

https://github.com/pydantic/pydantic/pull/7360
https://github.com/pydantic/pydantic/commit/e4393ae6145c4dadff739990bb0116c6dec3441b (v2.4.0)
https://github.com/pydantic/pydantic/pull/7673
https://github.com/pydantic/pydantic/commit/59d8f38fd6220e3917c53785dbc70317d6f8e631 (v1.0.13)

EPSS

Процентиль: 51%

0.0028

Низкий

CVE-2024-3772

CVSS3: 5.9

ubuntu

около 1 года назад

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

CVE-2024-3772

CVSS3: 5.9

redhat

около 1 года назад

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

CVE-2024-3772

CVSS3: 5.9

nvd

около 1 года назад

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

SUSE-SU-2025:0310-1

suse-cvrf

5 месяцев назад

Security update for python-pydantic

ROS-20240827-14

CVSS3: 5.9

redos

10 месяцев назад

Уязвимость python3-pydantic

EPSS

Процентиль: 51%

0.0028

Низкий