CVE-2019-19588: Uncontrolled resource consumption in validators Python package

January 21, 2020 (updated November 18, 2024)

The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.

References

github.com/advisories/GHSA-5qcg-w2cc-xffw
github.com/kvesteri/validators/issues/86
github.com/pypa/advisory-database/tree/main/vulns/validators/PYSEC-2019-134.yaml
github.com/python-validators/validators
github.com/python-validators/validators/issues/86
nvd.nist.gov/vuln/detail/CVE-2019-19588

Detect and mitigate CVE-2019-19588 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →