Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
CWE-1333
Vulnerability Title
black 安全漏洞
Vulnerability Description
Black是一个 Python 代码格式化程序。 black 24.3.0 之前版本存在安全漏洞,该漏洞源于 strings.py 文件中的lines_with_leading_tabs_expanded 函数容易受到拒绝服务攻击,攻击者利用该漏洞可以通过制作恶意输入导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A