CVE-2021-39229
HIGHApprise < 0.9.5.1 - Denial of Service via IFTTT Plugin Regex
Title source: llmDescription
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack on an inefficient regular expression. The vulnerable regular expression is [here](https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359). The problem has been patched in release version 0.9.5.1. Users who are unable to upgrade are advised to remove `apprise/plugins/NotifyIFTTT.py` to eliminate the service.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://github.com/caronc/apprise/security/advisories/GHSA-qhmp-h54x-38qr
Patch, Third Party Advisory x_refsource_misc
https://github.com/caronc/apprise/pull/436
Exploit, Third Party Advisory x_refsource_misc
https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359
Scores
CVSS v3
7.5
EPSS
0.0183
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
nuxref/apprise
< 0.9.5.1
pypi/apprise
0 - 0.9.5.1PyPI
Published
Sep 20, 2021
Tracked Since
Feb 18, 2026