PyPi: Ozi

CVE-2024-21503

Transitive

Safety vulnerability ID: 67005

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 19, 2024 Updated at Dec 11, 2024

Advisory

Ozi version 0.0.302 updates its dependency on Black to version 24.3 or higher. This adjustment is made to address the ReDoS (Regular Expression Denial of Service) vulnerability identified in CVE-2024-21503.

Affected package

ozi

Latest version: 1.27.0

Package Python projects with Meson.

Affected versions

Fixed versions

Vulnerability changelog

:pushpin:

* :pushpin: Pin black to >=24.3.

This mitigates a known REDOS vulnerability.

Signed-off-by: rjdbcm <rjdbcmmail.umkc.edu> ([`403fd1f`](https://github.com/OZI-Project/OZI/commit/403fd1fb4b17beebdd678f9b41725bfe82502f79))

Other

* Merge pull request 301 from OZI-Project/main

Release ([`acd7e51`](https://github.com/OZI-Project/OZI/commit/acd7e51d5023ad790592a11d5c35bbe9ce4aad95))

* Merge pull request 300 from OZI-Project/dev

Dev merge ([`cc23d18`](https://github.com/OZI-Project/OZI/commit/cc23d185defc23dd3b5d0945624f2bbc78bbf9e4))

* Merge branch 'main' into dev ([`e44ae0c`](https://github.com/OZI-Project/OZI/commit/e44ae0c817d2d939033f8cf0540b69f48d67d3f1))

Resources
