PyPI package
pydantic
pkg:pypi/pydantic
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-3772 | — | >= 2.0.0, < 2.4.0 | 2.4.0 | Apr 15, 2024 | Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. | ||
| CVE-2021-29510 | — | < 1.6.2 | 1.6.2 | May 13, 2021 | Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pyda |
- CVE-2024-3772Apr 15, 2024affected >= 2.0.0, < 2.4.0fixed 2.4.0
Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.
- CVE-2021-29510May 13, 2021affected < 1.6.2fixed 1.6.2
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pyda