CVE-2025-5896

Опубликовано: 09 июн. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 7.5

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.

Ссылки

https://github.com/NervJS/taro/commit/c2e321a8b6fc873427c466c69f41ed0b5e8814bf
Patch
https://github.com/NervJS/taro/pull/17619
Exploit
Issue Tracking
Patch
https://github.com/NervJS/taro/releases/tag/v4.1.2
Release Notes
https://vuldb.com/?ctiid.311668
Permissions Required
VDB Entry
https://vuldb.com/?id.311668
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.585796
Third Party Advisory
VDB Entry
https://github.com/NervJS/taro/pull/17619
Exploit
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:taro:taro:*:*:*:*:*:node.js:*:*

Версия до 4.1.2 (исключая)

EPSS

Процентиль: 36%

0.00152

Низкий

4.3 Medium

CVSS3

7.5 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400

CWE-1333

Связанные уязвимости

GHSA-f5xg-cfpj-2mw6

CVSS3: 4.3

github

8 месяцев назад

taro-css-to-react-native Regular Expression Denial of Service vulnerability

EPSS

Процентиль: 36%

0.00152

Низкий

4.3 Medium

CVSS3

7.5 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400

CWE-1333