Safety vulnerability ID: 74160
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Giskard are vulnerable to Regular Expression Denial of Service (CWE-1333, Inefficient Regular Expression Complexity). The issue resides in the gruber regular expression used by the text perturbation detector's punctuation removal transformation. Specially crafted text containing complex URL-like patterns drives that regex into catastrophic backtracking, so evaluation time grows exponentially with the length of the crafted input, and the result is a denial of service through extended processing times or application crashes. Anyone who can supply the text that the detector processes can trigger the condition.
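To make the failure mode concrete, here is an added example; it is not Giskard's code, and the regex below is a simplified hypothetical URL matcher built to exhibit the same defect class (an ambiguous nested quantifier), not the gruber regex named in the advisory. The function `remove_punctuation_keeping_urls`, the token builder `redos_token` and the timing probe `backtracking_growth` are assumptions introduced for the illustration, as is the stand-in transformation that keeps whole-token URLs intact while stripping punctuation from everything else. The sample text and the attacker token are constructed inline.

```python
import re
import string
import time

# Added example, not Giskard's code. VULNERABLE_URL_RE is a hypothetical URL
# matcher with the same defect class the advisory describes (an ambiguous
# nested quantifier); it is NOT the gruber regex that Giskard actually used.
# The path can be split between `[\w.-]+` and the outer `*` in 2^(n-1) ways,
# so a forced failure after n path characters costs exponential time.
VULNERABLE_URL_RE = re.compile(r"https?://[\w.-]+(?:/(?:[\w.-]+/?)*)?")

# Hardened form: every repetition of the outer group must start with "/", so
# there is exactly one way to consume any path and matching stays linear.
HARDENED_URL_RE = re.compile(r"https?://[\w.-]+(?:/[\w.-]*)*")

_STRIP_PUNCT = str.maketrans("", "", string.punctuation)


def remove_punctuation_keeping_urls(text: str, url_re: re.Pattern) -> str:
    """Strip punctuation from each whitespace token, leaving tokens that are
    URLs intact (hypothetical stand-in for a punctuation-removal perturbation)."""
    out = []
    for token in text.split():
        core = token.rstrip(string.punctuation)   # "http://x/y," -> URL plus trailing ","
        if core and url_re.fullmatch(core):       # fullmatch forces the engine to prove the
            out.append(core)                      # whole token is a URL or exhaust every split
        else:
            out.append(token.translate(_STRIP_PUNCT))
    return " ".join(out)


def redos_token(n: int) -> str:
    """Constructed attacker token (hypothetical): a URL-like prefix, n path
    characters, then a character the path class rejects ("!") followed by a
    non-punctuation character so the trailing-punctuation strip does not
    rescue it. fullmatch must fail, and the vulnerable regex fails slowly."""
    return "http://evil.test/" + "a" * n + "!x"


def seconds_to_classify(url_re: re.Pattern, token: str) -> float:
    """Wall-clock seconds for one fullmatch attempt on `token`."""
    start = time.perf_counter()
    url_re.fullmatch(token)
    return time.perf_counter() - start


def backtracking_growth(url_re: re.Pattern, sizes=(12, 14, 16, 18)) -> list:
    """Regression probe: time the matcher on growing crafted inputs. A safe
    pattern grows about linearly; a catastrophic one roughly doubles per
    extra path character (about 64x across these four sizes)."""
    return [seconds_to_classify(url_re, redos_token(n)) for n in sizes]


if __name__ == "__main__":
    sample = "Read http://example.com/a/b.html, then reply!"   # constructed input
    print(remove_punctuation_keeping_urls(sample, HARDENED_URL_RE))
    for name, pat in (("vulnerable", VULNERABLE_URL_RE), ("hardened", HARDENED_URL_RE)):
        print(name, ["%.5f" % t for t in backtracking_growth(pat)])
    print("hardened, 100k-char path: %.4f s"
          % seconds_to_classify(HARDENED_URL_RE, redos_token(100_000)))
```

Both patterns accept the same ordinary URLs and produce the same cleaned text, so a functional test suite would not notice the difference; only the timing probe does, which is why a ReDoS regression check should time the matcher on growing hostile inputs rather than only assert on outputs. The fix shown removes the ambiguity by structure (each path segment must begin with "/"), which works on any Python version; on Python 3.11 and later a possessive quantifier such as `[\w.-]++` or an atomic group `(?>...)` achieves the same by forbidding the engine from giving back characters.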
Latest version: 2.16.0
The testing framework dedicated to ML models, from tabular to LLMs
Release 2.15.5 fixes a [ReDoS vulnerability](https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3) discovered in the Giskard text perturbation detector (CVE-2024-52524).
Thanks to kevinbackhouse for disclosing the issue and helping with the resolution.
**Full Changelog**: https://github.com/Giskard-AI/giskard/compare/v2.15.4...v2.15.5