[ASA-202105-24] python-pydantic: denial of service
Arch Linux Security Advisory ASA-202105-24
==========================================

Severity: Medium
Date    : 2021-05-25
CVE-ID  : CVE-2021-29510
Package : python-pydantic
Type    : denial of service
Remote  : Yes
Link    :

Summary
=======

The package python-pydantic before version 1.8.2-1 is vulnerable to
denial of service.

Resolution
==========

Upgrade to 1.8.2-1.

# pacman -Syu "python-pydantic>=1.8.2-1"

The problem has been fixed upstream in version 1.8.2.

Workaround
==========

None.

Description
===========

A security issue has been found in pydantic before version 1.8.2.
Passing either 'infinity', 'inf' or float('inf') (or their negatives)
to datetime or date fields causes validation to run forever with 100%
CPU usage (on one CPU).

Impact
======

An attacker could cause high CPU usage using invalid datetime or date
fields, leading to denial of service.

References
==========
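
Added example (not part of the advisory and not code from Arch or pydantic): a check run on a decoded request body before model validation, reporting which date or datetime fields carry the values named in the Description. The field names and the sample payload are constructed, and treating every string that Python's float() parses as infinite like the listed spellings is an assumption.

```python
import json
import math


def is_infinite_temporal_input(value):
    """True for an infinite float, or a string that float() parses as infinite.

    Assumption: any spelling float() accepts ('inf', 'Infinity', ' -INF ')
    is treated like the 'infinity' / 'inf' values the advisory lists.
    """
    if isinstance(value, float):
        return math.isinf(value)
    if isinstance(value, str):
        try:
            return math.isinf(float(value))
        except ValueError:
            return False  # ordinary date strings such as '2021-05-25'
    return False


def find_infinite_values(payload, temporal_fields, path=""):
    """Walk decoded JSON and return the paths of flagged date/datetime fields."""
    hits = []
    if isinstance(payload, dict):
        for key, val in payload.items():
            here = f"{path}.{key}" if path else key
            if key in temporal_fields and is_infinite_temporal_input(val):
                hits.append(here)
            else:
                hits.extend(find_infinite_values(val, temporal_fields, here))
    elif isinstance(payload, list):
        for i, val in enumerate(payload):
            hits.extend(find_infinite_values(val, temporal_fields, f"{path}[{i}]"))
    return hits


# Constructed sample body. json.loads turns the bare -Infinity literal into
# float('-inf'), so the float case can arrive over the wire as well.
SAMPLE_BODY = """{"user": "a", "created_at": "infinity",
 "events": [{"when": -Infinity}, {"when": "2021-05-25T10:00:00"},
            {"when": " -INF "}],
 "note": "inf"}"""

# Hypothetical names of the fields the receiving model types as date/datetime.
TEMPORAL_FIELDS = {"created_at", "when"}

if __name__ == "__main__":
    for hit in find_infinite_values(json.loads(SAMPLE_BODY), TEMPORAL_FIELDS):
        print("infinite value in date/datetime field:", hit)
```

Flagged requests can be logged or rejected on hosts still running python-pydantic before 1.8.2-1; the fix remains the upgrade given under Resolution.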