CVE-2021-32838: Regular Expression Denial of Service in flask-restx
(updated )
Flask RESTX contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex.
References
- github.com/advisories/GHSA-3q6g-vf58-7m4g
- github.com/pypa/advisory-database/tree/main/vulns/flask-restx/PYSEC-2021-325.yaml
- github.com/python-restx/flask-restx
- github.com/python-restx/flask-restx/blob/fd99fe11a88531f5f3441a278f7020589f9d2cc0/flask_restx/inputs.py
- github.com/python-restx/flask-restx/commit/bab31e085f355dd73858fd3715f7ed71849656da
- github.com/python-restx/flask-restx/issues/372
- github.com/python-restx/flask-restx/security/advisories/GHSA-3q6g-vf58-7m4g
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5UCTFVDU3677B5OBGK4EF5NMUPJLL6SQ
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QUD6SWZLX52AAZUHDETJ2CDMQGEPGFL3
- nvd.nist.gov/vuln/detail/CVE-2021-32838
- pypi.org/project/flask-restx
Detect and mitigate CVE-2021-32838 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →