The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Inefficient Regular Expression Complexity vulnerabilities in an interactive lesson.
Start learningUpgrade Chainguard
reflex
to version 0.4.0-r0 or higher.
Note: Versions mentioned in the description apply only to the upstream reflex
package and not the reflex
package as distributed by Chainguard
.
See How to fix?
for Chainguard
relevant fixed versions and status.
python-multipart
is a streaming multipart parser for Python. When using form data, python-multipart
uses a Regular Expression to parse the HTTP Content-Type
header, including options. An attacker could send a custom-made Content-Type
option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.