What the vulnerability does
01Description
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVSS base score
6.5/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Key dates
02Disclosure timeline
June 19, 2018
CVE published
August 5, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-4287 Improper Input Validation in mintplex-labs/anything-llm
CVE-2021-36044 Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service
CVE-2020-28221
CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
CVE-2025-52620 HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability
