Lucene search

K

GitHub_MCVELIST:CVE-2021-32838

HistorySep 20, 2021 - 5:30 p.m.

CVE-2021-32838 Regular Expression Denial of Service in flask-restx

2021-09-2017:30:13

CWE-400

GitHub_M

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.

CNA Affected

[
  {
    "product": "flask-restx",
    "vendor": "python-restx",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.5.1"
      }
    ]
  }
]

References

github.com/advisories/GHSA-3q6g-vf58-7m4g

github.com/python-restx/flask-restx/blob/fd99fe11a88531f5f3441a278f7020589f9d2cc0/flask_restx/inputs.py#L51

github.com/python-restx/flask-restx/commit/bab31e085f355dd73858fd3715f7ed71849656da

github.com/python-restx/flask-restx/issues/372

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5UCTFVDU3677B5OBGK4EF5NMUPJLL6SQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUD6SWZLX52AAZUHDETJ2CDMQGEPGFL3/

pypi.org/project/flask-restx/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

Related for CVELIST:CVE-2021-32838

fedora2 osv3 prion1 cve1 openvas3 nvd1 github1 mageia1 ibm2