PT-2021-4109 · Pypi+2 · Pydantic+2

Bluetech +1 · Published 2021-05-01 · Updated 2025-12-08 · CVE-2021-29510

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Pydantic versions prior to v1.6.2
Pydantic versions prior to v1.7.4
Pydantic versions prior to v1.8.2

Description

Pydantic incorrectly handles the values 'infinity', 'inf', and float('inf') in date fields, causing validation to run forever with 100% CPU usage. Passing 'infinity', 'inf', or float('inf') (or their negatives) to datetime or date fields triggers the problem.

Recommendations

For versions prior to v1.6.2, upgrade to v1.6.2 or later.
For versions prior to v1.7.4, upgrade to v1.7.4 or later.
For versions prior to v1.8.2, upgrade to v1.8.2 or later.

As a temporary workaround, consider using a validator to catch these values, such as the skip infinite values function, to prevent infinite validation. However, upgrading Pydantic to a fixed version is the recommended solution. If you are not using v1.8.x, v1.7.x, or v1.6.x and are unable to upgrade to a fixed version of Pydantic, please create an issue requesting a back-port.
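
One way to write the temporary validator workaround described above, as an added example that is not taken from this advisory or from Pydantic's own code. It assumes Pydantic's v1-style `validator(..., pre=True, allow_reuse=True)` decorator; the `Event` model and its fields are hypothetical, and the guard goes beyond the listed spellings by rejecting any str, bytes or float that Python's `float()` evaluates to infinity.

```python
import math
from datetime import date, datetime


def skip_infinite_values(v):
    """Pre-validator: reject anything float() evaluates to +/-infinity.

    Covers 'infinity', 'inf', float('inf') and their negatives, plus case,
    whitespace and bytes variants of the same spellings.
    """
    if isinstance(v, (str, bytes, float)):
        try:
            as_float = float(v)
        except ValueError:
            return v  # not numeric, e.g. "2021-05-01": leave to normal parsing
        if math.isinf(as_float):
            raise ValueError("infinite values not permitted")
    return v


if __name__ == "__main__":
    # Wiring into a model (requires pydantic; Event is a hypothetical model).
    from pydantic import BaseModel, ValidationError, validator

    class Event(BaseModel):
        day: date
        at: datetime

        # pre=True runs the guard before Pydantic's own date parsing.
        _no_inf = validator("day", "at", pre=True, allow_reuse=True)(
            skip_infinite_values
        )

    # Constructed sample inputs.
    print(Event(day="2021-05-01", at="2021-05-01T12:00:00"))
    for bad in ("infinity", "-inf", float("inf")):
        try:
            Event(day=bad, at="2021-05-01T12:00:00")
        except ValidationError as exc:
            print(repr(bad), "rejected:", exc.errors()[0]["msg"])
```

The guard has to be attached to every date and datetime field that receives untrusted input, since a single unguarded field is enough to hang a worker.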

Fix

Infinite Loop

Weakness Enumeration

Related Identifiers

BDU:2021-04697
CVE-2021-29510
GHSA-5JQP-QGF6-3PVH
OPENSUSE-SU-2024:11254-1
OPENSUSE-SU-2024:13869-1
PYSEC-2021-47
USN-6553-1

Affected Products

Linuxmint
Pydantic
Ubuntu