An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.
{ "nvd_published_at": "2021-04-01T05:15:00Z", "github_reviewed_at": "2021-08-19T17:21:25Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-400" ] }