Опубликовано: 08 сент. 2021
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 7.5
Описание
Regular Expression Denial of Service in flask-restx
Flask RESTX contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex.
Ссылки
- https://github.com/python-restx/flask-restx/security/advisories/GHSA-3q6g-vf58-7m4g
- https://nvd.nist.gov/vuln/detail/CVE-2021-32838
- https://github.com/python-restx/flask-restx/issues/372
- https://github.com/python-restx/flask-restx/commit/bab31e085f355dd73858fd3715f7ed71849656da
- https://github.com/advisories/GHSA-3q6g-vf58-7m4g
- https://github.com/pypa/advisory-database/tree/main/vulns/flask-restx/PYSEC-2021-325.yaml
- https://github.com/python-restx/flask-restx/blob/fd99fe11a88531f5f3441a278f7020589f9d2cc0/flask_restx/inputs.py#L51
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5UCTFVDU3677B5OBGK4EF5NMUPJLL6SQ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QUD6SWZLX52AAZUHDETJ2CDMQGEPGFL3
- https://pypi.org/project/flask-restx
Пакеты
Наименование
flask-restx
pip
Затронутые версииВерсия исправления
< 0.5.1
0.5.1
EPSS
Процентиль: 80%
0.01367
Низкий
8.7 High
CVSS4
7.5 High
CVSS3
CVE ID
Дефекты
CWE-1333
CWE-400
Связанные уязвимости
CVSS3: 7.5
nvd
больше 4 лет назад
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.
EPSS
Процентиль: 80%
0.01367
Низкий
8.7 High
CVSS4
7.5 High
CVSS3
CVE ID
Дефекты
CWE-1333
CWE-400