Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2024-23732 — ReDoS in Embedchain · VulnScope

CVE-2024-23732

ReDoS in Embedchain

EPSS 0.07%

Description

The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.

How to fix CVE-2024-23732

To remediate CVE-2024-23732, upgrade the affected package to a fixed version below.

PyPI/embedchain—upgrade to 0.1.57 or later
PyPI/embedchain—upgrade to 0.1.57 or later

Is CVE-2024-23732 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 0.1.57
from 0, < 0.1.57

References (5)

ADVISORYgithub.com/advisories/GHSA-r67w-f99w-mgxj
ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-23732
WEBgithub.com/embedchain/embedchain/compare/0.1.56...0.1.57
WEBgithub.com/embedchain/embedchain/pull/1122

Metadata

Published: 1/21/2024
Modified: 6/10/2026

Also known as:

GHSA-r67w-f99w-mgxjghsa
PYSEC-2024-8pysec

WEB

github.com/pypa/advisory-database/tree/main/vulns/embedchain/PYSEC-2024-8.yaml

PyPI/embedchain

PyPI/embedchain