Count: 4

CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 1 of 2).

CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This software is used by Azure CLI.

CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (Re ...

GHSA-6fxp-p9mg-q64w
Microsoft Knack ReDoS Vulnerability in the Introspection Module

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2025-54363 Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 1 of 2). | | 0% Low | 9 days ago |
CVE-2025-54363 Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This software is used by Azure CLI. | | 0% Low | 9 days ago |
CVE-2025-54363 Microsoft Knack 0.12.0 allows Regular expression Denial of Service (Re ... | | 0% Low | 9 days ago |
GHSA-6fxp-p9mg-q64w Microsoft Knack ReDoS Vulnerability in the Introspection Module | | 0% Low | 9 days ago |