{"id":"PYSEC-2021-47","details":"Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. If you absolutely can't upgrade, you can work around this risk using a validator(https://pydantic-docs.helpmanual.io/usage/validators/) to catch these values. This is not an ideal solution (in particular you'll need a slightly different function for datetimes), instead of a hack like this you should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue at https://github.com/samuelcolvin/pydantic/issues requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic.","aliases":["CVE-2021-29510","GHSA-5jqp-qgf6-3pvh"],"modified":"2023-11-08T04:05:36.143828Z","published":"2021-05-13T19:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh"},{"type":"FIX","url":"https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468"}],"affected":[{"package":{"name":"pydantic","ecosystem":"PyPI","purl":"pkg:pypi/pydantic"},"ranges":[{"type":"GIT","repo":"https://github.com/samuelcolvin/pydantic","events":[{"introduced":"0"},{"fixed":"7e83fdd2563ffac081db7ecdf1affa65ef38c468"}]},{"type":"ECOSYSTEM","events":[{"introduced":"1.8"},{"fixed":"1.8.2"},{"introduced":"1.7"},{"fixed":"1.7.4"},{"introduced":"0"},{"fixed":"1.6.2"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.1","0.2","0.2.1","0.3","0.4","0.5","0.6","0.6.1","0.6.2","0.6.3","0.6.4","0.7","0.7.1","0.8","0.9","0.9.1","0.10","0.11","0.11.1","0.11.2","0.12","0.12.1","0.13","0.13.1","0.14","0.15","0.16","0.16.1","0.17","0.18","0.18.1","0.18.2","0.19","0.20a1","0.20","0.20.1","0.21","0.22","0.23","0.24","0.25","0.26","0.27a1","0.27","0.28","0.29","0.30","0.30.1","0.31","0.31.1","0.32","0.32.1","0.32.2","1.0b1","1.0b2","1.0","1.1","1.1.1","1.2","1.3","1.4","1.5","1.5.1","1.6","1.6.1","1.7","1.7.1","1.7.2","1.7.3","1.8","1.8.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pydantic/PYSEC-2021-47.yaml"}}],"schema_version":"1.7.3"}