GHSA-mr82-8j83-vxmv

Source

https://github.com/advisories/GHSA-mr82-8j83-vxmv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mr82-8j83-vxmv/GHSA-mr82-8j83-vxmv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mr82-8j83-vxmv

Aliases

CVE-2024-3772

Related

CGA-qgmj-754c-73g4

Published

2024-04-15T03:31:00Z

Modified

2024-04-26T03:46:39.351717Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Pydantic regular expression denial of service

Details

Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

References

Affected packages

PyPI / pydantic

Package

Name: pydantic; View open source insights on deps.dev
Purl: pkg:pypi/pydantic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.4.0

Affected versions

2.*

2.0

2.0.1

2.0.2

2.0.3

2.1.0

2.1.1

2.2.0

2.2.1

2.3.0

PyPI / pydantic

Package

Name: pydantic; View open source insights on deps.dev
Purl: pkg:pypi/pydantic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.13

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.1

0.2

0.2.1

0.3

0.4

0.5

0.6

0.6.1

0.6.2

0.6.3

0.6.4

0.7

0.7.1

0.8

0.9

0.9.1

0.10

0.11

0.11.1

0.11.2

0.12

0.12.1

0.13

0.13.1

0.14

0.15

0.16

0.16.1

0.17

0.18

0.18.1

0.18.2

0.19

0.20a1

0.20

0.20.1

0.21

0.22

0.23

0.24

0.25

0.26

0.27a1

0.27

0.28

0.29

0.30

0.30.1

0.31

0.31.1

0.32

0.32.1

0.32.2

1.*

1.0b1

1.0b2

1.0

1.1

1.1.1

1.2

1.3

1.4

1.5

1.5.1

1.6

1.6.1

1.6.2

1.7

1.7.1

1.7.2

1.7.3

1.7.4

1.8

1.8.1

1.8.2

1.9.0a1

1.9.0a2

1.9.0

1.9.1

1.9.2

1.10.0a1

1.10.0a2

1.10.0b1

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.10.9

1.10.10

1.10.11

1.10.12