idna@2.7 vulnerabilities

Internationalized Domain Names in Applications (IDNA)

Direct Vulnerabilities

Known vulnerabilities in the idna package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
Resource Exhaustion (severity: M)

Affected versions of this package are vulnerable to Resource Exhaustion via the idna.encode function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function.

Note: This is triggered by arbitrarily large inputs that would not occur in normal usage but may reach the library if the higher-level application performs no preliminary input validation.

How to fix Resource Exhaustion?

Upgrade idna to version 3.7 or higher.

Vulnerable versions: [,3.7)
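
As an added example (not code from the idna project or from this advisory), the Python code below checks whether the installed idna falls in the vulnerable range [,3.7) and bounds input length before it reaches idna.encode, the preliminary validation the note above refers to. The 253-character cap and all helper names are assumptions chosen for illustration; pre-release suffixes in version strings are ignored.

```python
import re
from importlib import metadata

FIXED = (3, 7)         # from the advisory: vulnerable range is [,3.7)
MAX_NAME_CHARS = 253   # assumption: cap taken from the DNS name length limit


def release_tuple(version):
    """Leading numeric release segments, e.g. '3.10' -> (3, 10)."""
    parts = []
    for seg in version.split("."):
        m = re.match(r"\d+", seg)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def in_vulnerable_range(version):
    # Unparsable versions yield () and are treated as vulnerable (conservative).
    return release_tuple(version) < FIXED


def installed_idna_status():
    """Return (version, vulnerable), or (None, None) if idna is not installed."""
    try:
        version = metadata.version("idna")
    except metadata.PackageNotFoundError:
        return None, None
    return version, in_vulnerable_range(version)


def guarded_encode(name, encoder, max_chars=MAX_NAME_CHARS):
    """Reject oversized input before the encoder (e.g. idna.encode) sees it."""
    if not isinstance(name, str):
        raise TypeError("hostname must be str")
    if len(name) > max_chars:
        raise ValueError(f"hostname too long: {len(name)} > {max_chars} characters")
    return encoder(name)


if __name__ == "__main__":
    version, vulnerable = installed_idna_status()
    print("idna installed:", version, "| in [,3.7):", vulnerable)
    if version is not None:
        import idna
        print(guarded_encode("bücher.example", idna.encode))  # constructed sample
```

The length guard is defence in depth for callers that cannot upgrade immediately; the fix stated above remains upgrading idna to 3.7 or higher.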