CVE-2021-29063
Package
mpmath
Overview
mpmath is a Python library for arbitrary-precision floating-point arithmetic.
Regular Expression Denial of Service (ReDOS) in Mpmath v1.0.0.
Passing a specific string to gopher_parsedir may result in excessively long evaluation by the regex used inside the function.
Proof of Concept
from mpmath import mpmathify
mpmathify("(" + "1" * 5000 + "j!")
GitHub Commit
https://github.com/vks/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833
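
A defensive input guard for the issue described above, as an added example (not code from mpmath or from the linked commit): it rejects over-long or malformed numeric strings before they reach `mpmathify`. The length cap, the accepted grammar and the names `is_safe_numeric` and `safe_mpmathify` are assumptions of this example.

```python
import re

MAX_LEN = 64  # assumed cap; raise it only as far as your inputs really need

# Allow-list grammar (an assumption of this example, narrower than mpmathify).
# Adjacent digit runs are always separated by a mandatory non-digit
# ('.', 'e' or a sign), so a failing match cannot re-split one long digit
# string in many different ways.
_UNUM = r"(?:\d+(?:\.\d*)?|\.\d+)(?:e[+-]?\d+)?"
_BODY = r"[+-]?" + _UNUM + r"(?:j|[+-]" + _UNUM + r"j)?"
_SAFE = re.compile(r"(?:\(" + _BODY + r"\)|" + _BODY + r")", re.IGNORECASE)


def is_safe_numeric(text, max_len=MAX_LEN):
    """Return True only for short real/complex literals, e.g. '1.5e3', '(1+2j)'."""
    if not isinstance(text, str) or len(text) > max_len:
        return False  # length check runs before any regex work
    return _SAFE.fullmatch(text.strip()) is not None


def safe_mpmathify(text, parse=None, max_len=MAX_LEN):
    """Validate untrusted text, then pass it to the parser (mpmathify by default)."""
    if not is_safe_numeric(text, max_len):
        raise ValueError("rejected numeric literal (length or syntax)")
    if parse is None:
        from mpmath import mpmathify as parse  # imported only when needed
    return parse(text.strip())


# Constructed sample inputs; the last one is the PoC string from this page.
SAMPLES = ["3.14", "-2e10", "(1+2j)", "5j", "1..2", "(" + "1" * 5000 + "j!"]

if __name__ == "__main__":
    for s in SAMPLES:
        shown = s if len(s) <= 20 else s[:10] + "..." + s[-3:]
        verdict = "accept" if is_safe_numeric(s) else "reject"
        print(f"{shown!r:>20} -> {verdict}")
```

The guard belongs at the trust boundary where strings from users or files enter the application; it limits exposure on an affected version and does not replace updating the library.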