ArchLinux: 202105-24: python-pydantic: denial of service
Summary
A security issue has been found in pydantic before version 1.8.2. Passing either 'infinity', 'inf' or float('inf') (or their negatives) to datetime or date fields causes validation to run forever with 100% CPU usage (on one CPU).
Resolution
Upgrade to 1.8.2-1.
# pacman -Syu "python-pydantic>=1.8.2-1"
The problem has been fixed upstream in version 1.8.2.
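The pacman upgrade only covers the system package; virtualenvs and pinned requirements files can still carry an older pydantic. The following check is an added example, not part of the Arch advisory or of pydantic itself. It treats every release below 1.8.2 as affected, following the wording above, and its function names and sample requirement lines are constructed for illustration.

```python
import re
from importlib import metadata

FIXED = (1, 8, 2)  # first fixed release according to this advisory

def parse_version(text):
    """Turn '1.8.1' or Arch-style '1.8.2-1' into a comparable tuple (pkgrel dropped)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '1.8' to (1, 8, 0)

def is_affected(version):
    return parse_version(version) < FIXED

# Matches 'pydantic' and 'pydantic[extras]' but not 'pydantic-foo' or 'pydantic_core'.
REQ = re.compile(r"^\s*pydantic(?![\w.\-])(?:\[[^\]]*\])?\s*(?P<spec>[^#;]*)", re.IGNORECASE)

def audit_requirements(lines):
    """Return (line, verdict) for every pydantic requirement line."""
    findings = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        pin = re.fullmatch(r"==\s*([\w.\-]+)", m.group("spec").strip())
        if pin is None:
            verdict = "unpinned"  # range or bare name: check the resolved version instead
        elif is_affected(pin.group(1)):
            verdict = "affected"
        else:
            verdict = "fixed"
        findings.append((line.strip(), verdict))
    return findings

def installed_status():
    """Return (version, affected) for the pydantic visible to this interpreter, or None."""
    try:
        version = metadata.version("pydantic")
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)

# Constructed sample input, not taken from any real project.
SAMPLE = ["fastapi==0.65.1", "pydantic==1.8.1", "pydantic[email]==1.8.2  # patched",
          "pydantic>=1.7", "pydantic-settings==1.0.0"]

if __name__ == "__main__":
    for line, verdict in audit_requirements(SAMPLE):
        print(f"{verdict:9} {line}")
    print("installed:", installed_status())
```

Run it with each environment's own interpreter, since `installed_status()` only sees the pydantic importable from the Python that executes it.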
References
https://github.com/pydantic/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh
https://github.com/pydantic/pydantic/commit/1c24f1d74ba95ea985b50bdc001ce96c813229aa
https://security.archlinux.org/CVE-2021-29510
Workaround
None.