JessieTeng89
commented
5 months ago I will create a PR for this.
Closed JessieTeng89 closed 5 months ago
JessieTeng89
commented
5 months ago I will create a PR for this.
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.
Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.