cvedb.io
CVE-2021-39229
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-09-20T22:15:07.530 · Last modified 2026-06-17T04:03:21.583

Summary

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack on an inefficient regular expression. The vulnerable regular expression is [here](https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359). The problem has been patched in release version 0.9.5.1. Users who are unable to upgrade are advised to remove `apprise/plugins/NotifyIFTTT.py` to eliminate the service.

Affected products

nuxref — apprise

Does this affect you?

Add your gear to cvedb and we'll alert you only when nuxref ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.