DEBIAN-CVE-2024-21503
- Source
- https://security-tracker.debian.org/tracker/CVE-2024-21503
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-21503.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-21503
- Upstream
- Published
- 2024-03-19T05:15:09.447Z
- Modified
- 2025-11-20T10:17:03.383301Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lineswithleadingtabsexpanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.
Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
- References
Affected packages
Debian:11 / black
Package
- Name
- black
- Purl
- pkg:deb/debian/black?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20.*
20.8b1-4
21.*
21.4b2-1~exp1
21.4b2-1
21.4b2-2
21.4b2-3
21.10b0-1
21.12b0-1
22.*
22.1.0-1
22.3.0-1
22.6.0-1
22.6.0-2
22.8.0-1
22.10.0-1
22.10.0-2
22.12.0-1
23.*
23.1.0-1
23.3.0-1~exp1
23.3.0-1
23.7.0-1
23.9.1-1
23.10.0-1
23.10.1-1
23.11.0-1
24.*
24.1.1-1
24.2.0-1
24.4.0-1
24.4.0-2
24.4.2-1
24.4.2-2~0exp0
24.4.2-2
24.8.0-1
24.10.0-1
24.10.0-2
24.10.0-3
25.*
25.1.0-0exp
25.1.0-1
25.1.0-2
25.1.0-3
25.9.0-1
25.11.0-1
Debian:12 / black
Package
- Name
- black
- Purl
- pkg:deb/debian/black?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / black
Package
- Name
- black
- Purl
- pkg:deb/debian/black?arch=source
Debian:14 / black
Package
- Name
- black
- Purl
- pkg:deb/debian/black?arch=source