CVE-2021-21236 - log

CVE-2021-21236 edited at 06 Jan 2021 19:18:19
Description
- In python-cairosvg before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make python-cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1.
+ In python-cairosvg before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to regular expression denial of service (REDoS). If an attacker provides a malicious SVG, it can make python-cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1.
CVE-2021-21236 edited at 06 Jan 2021 19:13:25
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ In python-cairosvg before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make python-cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1.
References
+ https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf
+ https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc
Notes
CVE-2021-21236 created at 06 Jan 2021 19:09:15