Dependency: Black vulnerable to Regular Expression Denial of Service (ReDoS) #3841
Labels
bug
Something isn't working
Comments
|
I will create a PR for this. |
xrmx
added a commit
to xrmx/opentelemetry-python
that referenced
this issue
Apr 16, 2024
xrmx
added a commit
to xrmx/opentelemetry-python
that referenced
this issue
Apr 23, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.
Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
The text was updated successfully, but these errors were encountered: