{"id":"PYSEC-2021-325","details":"Flask-RESTX (PyPI package flask-restx) is a community-driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in the email_regex pattern. This is fixed in version 0.5.1.","aliases":["CVE-2021-32838","GHSA-3q6g-vf58-7m4g"],"modified":"2023-11-08T04:06:01.923801Z","published":"2021-09-20T18:15:00Z","references":[{"type":"REPORT","url":"https://github.com/python-restx/flask-restx/issues/372"},{"type":"PACKAGE","url":"https://pypi.org/project/flask-restx/"},{"type":"FIX","url":"https://github.com/python-restx/flask-restx/commit/bab31e085f355dd73858fd3715f7ed71849656da"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-3q6g-vf58-7m4g"},{"type":"WEB","url":"https://github.com/python-restx/flask-restx/blob/fd99fe11a88531f5f3441a278f7020589f9d2cc0/flask_restx/inputs.py#L51"}],"affected":[{"package":{"name":"flask-restx","ecosystem":"PyPI","purl":"pkg:pypi/flask-restx"},"ranges":[{"type":"GIT","repo":"https://github.com/python-restx/flask-restx","events":[{"introduced":"0"},{"fixed":"bab31e085f355dd73858fd3715f7ed71849656da"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.1"}]}],"versions":["0.0.1.dev0","0.1.0","0.1.1","0.2.0","0.3.0","0.4.0","0.5.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/flask-restx/PYSEC-2021-325.yaml"}}],"schema_version":"1.7.3"}