PYSEC-2021-427
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/mpmath/PYSEC-2021-427.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2021-427
- Aliases
- Published
- 2021-06-21T20:15:00Z
- Modified
- 2023-11-01T04:55:03.374161Z
- Summary
- [none]
- Details
-
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called.
- References
-
- https://github.com/npm/hosted-git-info/pull/76
- https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md
- https://github.com/yetingli/SaveResults/blob/main/js/hosted-git-info.js
- https://www.npmjs.com/package/hosted-git-info
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/
- https://github.com/fredrik-johansson/mpmath/commit/46d44c3c8f3244017fe1eb102d564eb4ab8ef750
- https://github.com/advisories/GHSA-f865-m6cq-j9vx
Affected packages
PyPI / mpmath
Package
- Name
- mpmath
- View open source insights on deps.dev
- Purl
- pkg:pypi/mpmath
Affected ranges
- Type
- GIT
- Repo
- https://github.com/fredrik-johansson/mpmath
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.0