Pydantic Pydanticproject Pydantic

Do you want an email whenever new security vulnerabilities are reported in Pydanticproject Pydantic?

By the Year

In 2021 there have been 1 vulnerability in Pydanticproject Pydantic with an average score of 7.5 out of ten. Pydantic did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 1 7.50
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Pydantic vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Pydanticproject Pydantic Security Vulnerabilities

Pydantic is a data validation and settings management using Python type hinting

CVE-2021-29510 7.5 - High - May 13, 2021

Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. If you absolutely can't upgrade, you can work around this risk using a validator(https://pydantic-docs.helpmanual.io/usage/validators/) to catch these values. This is not an ideal solution (in particular you'll need a slightly different function for datetimes), instead of a hack like this you should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue at https://github.com/samuelcolvin/pydantic/issues requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic.

Infinite Loop

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Pydanticproject? Click the Watch button to subscribe.

subscribe