High severity · NVD Advisory · Published Jun 21, 2021 · Updated Aug 3, 2024
CVE-2021-29063
Description
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mpmath (PyPI) | < 1.3.0 | 1.3.0 |
Affected products (10)
- Mpmath/Mpmath (source: description)
- osv-coords (9 versions):
  - pkg:apk/chainguard/py3.10-mpmath
  - pkg:apk/chainguard/py3.11-mpmath
  - pkg:apk/chainguard/py3.12-mpmath
  - pkg:apk/chainguard/py3.13-mpmath
  - pkg:apk/wolfi/py3.10-mpmath
  - pkg:apk/wolfi/py3.11-mpmath
  - pkg:apk/wolfi/py3.12-mpmath
  - pkg:apk/wolfi/py3.13-mpmath
  - pkg:pypi/mpmath
- (no CPE) range: < 1.4.0-r1
- (no CPE) range: < 1.4.0-r1
- (no CPE) range: < 1.4.0-r1
- (no CPE) range: < 1.4.0-r1
- (no CPE) range: < 1.4.0-r1
- (no CPE) range: < 1.4.0-r1
- (no CPE) range: < 1.4.0-r1
- (no CPE) range: < 1.4.0-r1
- (no CPE) range: < 1.3.0
References (19)
- github.com/advisories/GHSA-f865-m6cq-j9vx (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIUX3XWY2K3MSO7QXMZXQQYAURARSPC5/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/ (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-29063 (ghsa, ADVISORY)
- github.com/fredrik-johansson/mpmath/commit/46d44c3c8f3244017fe1eb102d564eb4ab8ef750 (ghsa, WEB)
- github.com/fredrik-johansson/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833 (ghsa, WEB)
- github.com/fredrik-johansson/mpmath/issues/548 (ghsa, WEB)
- github.com/mpmath/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833 (ghsa, WEB)
- github.com/mpmath/mpmath/pull/570 (ghsa, WEB)
- github.com/mpmath/mpmath/releases/tag/1.3.0 (ghsa, WEB)
- github.com/npm/hosted-git-info/pull/76 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/mpmath/PYSEC-2021-427.yaml (ghsa, WEB)
- github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md (ghsa, WEB)
- github.com/yetingli/SaveResults/blob/main/js/hosted-git-info.js (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUX3XWY2K3MSO7QXMZXQQYAURARSPC5 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG (ghsa, WEB)
- www.npmjs.com/package/hosted-git-info (ghsa, WEB)