mxnet is vulnerable to regular expression denial of service. The vulnerability exists in get_kernel
function of rtc.py
due to improper handling of regular expressions which allows an attacker to send a specially crafted operator name causing a excessive resource consumption which then leads to an application crash.
www.openwall.com/lists/oss-security/2022/07/24/2
github.com/advisories/GHSA-xxj3-55p6-xg3h
github.com/apache/incubator-mxnet/commit/59b4c188f655ec4596ab9369aaa441672110e064
github.com/apache/incubator-mxnet/pull/20810
github.com/apache/incubator-mxnet/pull/20840
github.com/apache/incubator-mxnet/releases/tag/1.9.1
lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o