text-to-image is vulnerable to Inefficient Regular Expression Complexity
40
Medium Risk
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the line trimming code, where inefficient regex patterns can cause catastrophic backtracking when processing strings with excessive whitespace. An attacker can exploit this by supplying a maliciously crafted input string containing a very long sequence of space characters without a trailing non-space character (e.g., ' '.repeat(100000)), which causes the regex engine to backtrack excessively when evaluating the trailing space pattern / +$/. This results in high CPU utilization and prolonged processing time, potentially leading to application unresponsiveness or denial of service.
You are affected if you are using a version that falls within the vulnerable range.
text-to-image is vulnerable to Inefficient Regular Expression Complexity in versions 1.0.0 - 8.0.0.
Upgrade the text-to-image library to the patched version.
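Where similar space-trimming regexes exist in your own code, a single linear scan removes the backtracking risk entirely. The JavaScript below is an added example, not code from text-to-image or its patch; only the pattern / +$/ comes from the advisory, while the function names, the leading-space counterpart and the MAX_TEXT_LENGTH limit are assumptions and the sample strings are constructed.

```javascript
// Added example: linear-time replacements for space-trimming regexes.
// Only / +$/ is taken from the advisory; every name here is hypothetical.

const SPACE = 0x20; // the advisory's pattern matches the ASCII space only

// Equivalent to line.replace(/ +$/, '') as one backward scan:
// each character is examined at most once, so the cost is O(n) for any input.
function trimTrailingSpaces(line) {
  let end = line.length;
  while (end > 0 && line.charCodeAt(end - 1) === SPACE) end--;
  return end === line.length ? line : line.slice(0, end);
}

// Assumed leading-space counterpart, equivalent to line.replace(/^ +/, '').
function trimLeadingSpaces(line) {
  let start = 0;
  while (start < line.length && line.charCodeAt(start) === SPACE) start++;
  return start === 0 ? line : line.slice(start);
}

// Defense in depth: refuse oversized input before any per-line work.
// MAX_TEXT_LENGTH is an assumed application limit, not a library setting.
const MAX_TEXT_LENGTH = 10000;
function trimLines(text, maxLength = MAX_TEXT_LENGTH) {
  if (typeof text !== 'string') throw new TypeError('text must be a string');
  if (text.length > maxLength) {
    throw new RangeError(`text longer than ${maxLength} characters`);
  }
  return text.split('\n').map((l) => trimTrailingSpaces(trimLeadingSpaces(l)));
}

// Constructed samples: confirm the scans agree with the regexes on short input.
function agreesWithRegex() {
  const samples = ['', ' ', 'a', 'a  ', '  a', ' a b  ', 'a \t ', '\t  ', 'a  \n'];
  return samples.every((s) =>
    trimTrailingSpaces(s) === s.replace(/ +$/, '') &&
    trimLeadingSpaces(s) === s.replace(/^ +/, ''));
}

console.log(agreesWithRegex());                             // true
console.log(trimTrailingSpaces(' '.repeat(100000)).length); // 0
```
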