CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS
Percentile: 54.8%

Pydantic is a data validation and settings management library using Python
type hinting. In affected versions, passing either 'infinity', 'inf' or
float('inf') (or their negatives) to datetime or date fields causes
validation to run forever with 100% CPU usage (on one CPU). Pydantic has
been patched, with fixes available in the following versions: v1.8.2,
v1.7.4, v1.6.2. All these versions are available on
PyPI (https://pypi.org/project/pydantic/#history), and will be available on
conda-forge (https://anaconda.org/conda-forge/pydantic) soon. See the
changelog (https://pydantic-docs.helpmanual.io/) for details.

If you absolutely can't upgrade, you can work around this risk using a
validator (https://pydantic-docs.helpmanual.io/usage/validators/) to catch
these values. This is not an ideal solution (in particular you'll need a
slightly different function for datetimes); instead of a hack like this you
should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and
are unable to upgrade to a fixed version of pydantic, please create an
issue at https://github.com/samuelcolvin/pydantic/issues requesting a
back-port, and we will endeavour to release a patch for earlier versions of
pydantic.
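
One way to write the kind of check the workaround describes, as an added example that is not the pydantic project's own code: a function that rejects infinite values in the raw input before any date parsing happens. It goes beyond the values listed above by rejecting any string or bytes value that Python's float() evaluates as infinite, on the assumption that such input is handled the same way; the function names, field names and sample payload are hypothetical.

```python
import math
from typing import Any, Iterable, List, Mapping


def reject_infinite(value: Any) -> Any:
    """Return value unchanged, or raise ValueError if it evaluates to +/- infinity."""
    if isinstance(value, float):
        number = value
    elif isinstance(value, (str, bytes)):
        try:
            number = float(value)  # accepts 'inf', 'Infinity', '-INF', ' inf ', '1e999'
        except ValueError:
            return value  # not numeric (e.g. '2021-05-12'): leave it to the normal parser
    else:
        return value  # ints and other types cannot be infinite
    if math.isinf(number):
        raise ValueError("infinite value not allowed in a date/datetime field")
    return value


def offending_fields(payload: Mapping[str, Any], fields: Iterable[str]) -> List[str]:
    """List the named date/datetime fields of a raw payload that carry an infinite value."""
    bad = []
    for name in fields:
        try:
            reject_infinite(payload.get(name))
        except ValueError:
            bad.append(name)
    return bad


# Hooking it into a pydantic v1 model as a pre-validator (field names are hypothetical):
#
#     class Event(BaseModel):
#         starts: datetime
#         due: date
#         _no_inf = validator("starts", "due", pre=True, allow_reuse=True)(reject_infinite)

# Constructed sample payload, not taken from the advisory.
SAMPLE = {"starts": "2021-05-12T10:00:00", "due": "-Infinity", "created": 1620777600}

if __name__ == "__main__":
    print(offending_fields(SAMPLE, ("starts", "due", "created")))
```

Because the check runs on the raw input, it can also sit in front of the model, for example in request handling, to reject a payload before validation starts.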