{"id":"PYSEC-2024-60","details":"A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.","aliases":["CVE-2024-3651","GHSA-jjg7-2v4v-x38h"],"modified":"2024-07-11T17:42:33.704488Z","published":"2024-07-07T18:15:00Z","references":[{"type":"FIX","url":"https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb"},{"type":"FIX","url":"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"}],"affected":[{"package":{"name":"idna","ecosystem":"PyPI","purl":"pkg:pypi/idna"},"ranges":[{"type":"GIT","repo":"https://github.com/kjd/idna","events":[{"introduced":"0"},{"fixed":"1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0.1"},{"fixed":"3.7"}]}],"versions":["0.1","0.2","0.3","0.4","0.5","0.6","0.7","0.8","0.9","1.0","1.1","2.0","2.1","2.10","2.2","2.3","2.4","2.5","2.6","2.7","2.8","2.9","3.0","3.1","3.2","3.3","3.4","3.5","3.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/idna/PYSEC-2024-60.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}