{"id":"CVE-2021-29063","details":"A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.","aliases":["GHSA-f865-m6cq-j9vx","PYSEC-2021-427"],"modified":"2026-02-24T11:36:20.198068Z","published":"2021-06-21T20:15:09.477Z","related":["CGA-wfhm-8wcx-ghc4","MGASA-2021-0479","openSUSE-SU-2024:13280-1"],"references":[{"type":"WEB","url":"https://github.com/mpmath/mpmath/releases/tag/1.3.0"},{"type":"WEB","url":"https://github.com/yetingli/SaveResults/blob/main/js/hosted-git-info.js"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIUX3XWY2K3MSO7QXMZXQQYAURARSPC5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/"},{"type":"WEB","url":"https://www.npmjs.com/package/hosted-git-info"},{"type":"ADVISORY","url":"https://github.com/fredrik-johansson/mpmath/commit/46d44c3c8f3244017fe1eb102d564eb4ab8ef750"},{"type":"ADVISORY","url":"https://github.com/npm/hosted-git-info/pull/76"},{"type":"ADVISORY","url":"https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md"},{"type":"ADVISORY","url":"https://github.com/yetingli/SaveResults/blob/main/js/hosted-git-info.js"},{"type":"FIX","url":"https://github.com/fredrik-johansson/mpmath/commit/46d44c3c8f3244017fe1eb102d564eb4ab8ef750"},{"type":"FIX","url":"https://github.com/npm/hosted-git-info/pull/76"},{"type":"FIX","url":"https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md"},{"type":"EVIDENCE","url":"https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mpmath/mpmath","events":[{"introduced":"0"},{"fixed":"b5c04506ef0cd4a1f1213f8389ee21c9c3551582"}]}],"versions":["0.17","0.18","0.19","1.0.0","1.1.0","1.2.0","1.2.0-rebuild","1.2.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29063.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}