# ReDoS in Giskard text perturbation detector
## Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| giskard | pip | <= 2.15.4 | 2.15.5 |
## Recommended Action
Patch available: update giskard to version 2.15.5.
## Technical Details
### NVD Description
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Giskard component by the [GitHub Security Lab](https://securitylab.github.com) team. When Giskard detectors process datasets containing specific text patterns, this vulnerability can trigger exponential regex evaluation times, potentially leading to denial of service.

#### Details
The vulnerability affects Giskard's punctuation removal transformation, which is used in text perturbation detection. A regex used to detect URLs and links was vulnerable to catastrophic backtracking that could be triggered by specific patterns in the text.

#### Affected version
Giskard versions prior to 2.15.5 are affected. Users should upgrade to version 2.15.5 or later, which includes a fix for this vulnerability.

#### Impact
This vulnerability can cause extended computation times or crashes in Giskard when processing text containing certain patterns.

#### Credit
This issue was discovered and reported by GHSL team member [@kevinbackhouse (Kevin Backhouse)](https://github.com/kevinbackhouse).
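The bug class the advisory describes (a URL-detection regex inside a punctuation-removal transform that backtracks exponentially on crafted text) and the mitigation, as an added example that is not Giskard's code. The ambiguous pattern below is a constructed stand-in for the class of bug, not the regex that was actually in Giskard (the page does not reproduce it); the hardened pattern, the `remove_punctuation_keep_urls` transform, the `pathological_input` generator and the `time_search` guard are all assumptions about how one would write and test such a transform safely.

```python
import re
import string
import time

# Constructed stand-in for the bug class described in the advisory; NOT the
# regex from Giskard.  `\S` also matches '.', so "(\S+\.)+" can split a run of
# "a.a.a." at any dot, and when the trailing "\S+$" fails the engine tries
# every one of those ~2^n splits before giving up.
AMBIGUOUS_URL_RE = re.compile(r"https?://(\S+\.)+\S+$")

# Hardened form (assumption): each character can be consumed by exactly one
# sub-pattern ("[^\s.]" never matches a dot, "\." matches nothing else), so
# there is no alternative split to backtrack into and matching is linear.
UNAMBIGUOUS_URL_RE = re.compile(r"https?://[^\s.]+(?:\.[^\s.]+)+")

_PUNCT_TABLE = str.maketrans("", "", string.punctuation)


def pathological_input(n: int) -> str:
    """Constructed worst case: 'http://a.a.a...a. ' with n repeats of 'a.'.
    The trailing space defeats the final '\\S+$', forcing full backtracking."""
    return "http://" + "a." * n + " "


def time_search(pattern: re.Pattern, text: str, repeats: int = 3) -> float:
    """Best-of-N wall-clock seconds for one search(); usable as a unit-test
    guard that fails if a regex change reintroduces superlinear behaviour."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.search(text)
        best = min(best, time.perf_counter() - start)
    return best


def growth_profile(pattern: re.Pattern, sizes) -> dict:
    """Seconds per input size.  A linear regex grows roughly with n; the
    ambiguous one roughly doubles every time n grows by one."""
    return {n: time_search(pattern, pathological_input(n)) for n in sizes}


def remove_punctuation_keep_urls(text: str) -> str:
    """Punctuation-removal transform that protects URL-like tokens.

    Splitting on whitespace first means the URL regex only ever sees a single
    token, and the linear-time pattern means even an adversarial token cannot
    stall the detector.  URL tokens are kept verbatim (trailing punctuation
    included); every other token loses its punctuation, and tokens that were
    nothing but punctuation are dropped."""
    kept = []
    for token in text.split():
        if UNAMBIGUOUS_URL_RE.match(token):
            kept.append(token)
        else:
            stripped = token.translate(_PUNCT_TABLE)
            if stripped:
                kept.append(stripped)
    return " ".join(kept)


if __name__ == "__main__":
    print("ambiguous regex, seconds per n (watch it roughly double per step):")
    for n, secs in growth_profile(AMBIGUOUS_URL_RE, range(8, 17, 2)).items():
        print(f"  n={n:2d}  {secs:.4f}s")
    print("unambiguous regex on n=20000:",
          f"{time_search(UNAMBIGUOUS_URL_RE, pathological_input(20000)):.4f}s")
    print(remove_punctuation_keep_urls(
        "Hello, world! See https://example.com/docs?q=1 now..."))
```

The growth profile is the check to run before shipping any regex that is fed untrusted text: probe it on a constructed worst case at a few increasing sizes and look for a per-step multiplier rather than a per-step increment. Keeping the regex-free whitespace split in front of the URL test also bounds how much text any single match can ever see.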