CVE-2021-21236

Severity Low
Remote No
Type Denial of service
Description
In python-cairosvg before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to regular expression denial of service (REDoS). If an attacker provides a malicious SVG, it can make python-cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1412 | python-cairosvg | 2.5.0-3 | 2.5.1-1 | Low | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 12 Jan 2021 | ASA-202101-12 | AVG-1412 | python-cairosvg | Low | denial of service |
References
https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf
https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc