{"id":"PYSEC-2021-427","details":"A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called.","aliases":["CVE-2021-29063","GHSA-f865-m6cq-j9vx"],"modified":"2023-11-01T04:55:03.374161Z","published":"2021-06-21T20:15:00Z","references":[{"type":"WEB","url":"https://github.com/npm/hosted-git-info/pull/76"},{"type":"WEB","url":"https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md"},{"type":"WEB","url":"https://github.com/yetingli/SaveResults/blob/main/js/hosted-git-info.js"},{"type":"WEB","url":"https://www.npmjs.com/package/hosted-git-info"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/"},{"type":"FIX","url":"https://github.com/fredrik-johansson/mpmath/commit/46d44c3c8f3244017fe1eb102d564eb4ab8ef750"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-f865-m6cq-j9vx"}],"affected":[{"package":{"name":"mpmath","ecosystem":"PyPI","purl":"pkg:pypi/mpmath"},"ranges":[{"type":"GIT","repo":"https://github.com/fredrik-johansson/mpmath","events":[{"introduced":"0"},{"fixed":"46d44c3c8f3244017fe1eb102d564eb4ab8ef750"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0"}]}],"versions":["0.1","0.10","0.11","0.12","0.13","0.14","0.15","0.16","0.17","0.18","0.19","0.2","0.3","0.4","0.5","0.6","0.7","0.8","0.9","1.0.0","1.1.0","1.2.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mpmath/PYSEC-2021-427.yaml"}}],"schema_version":"1.7.3"}