Count: 7
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3w8q-xq97-5j7x Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function | | 0% Low | 4 months ago |
| CVE-2025-66453 Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1. | | 0% Low | 4 months ago |
| CVE-2025-66453 Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1. | | 0% Low | 4 months ago |
| CVE-2025-66453 Rhino is an open-source implementation of JavaScript written entirely ... | | 0% Low | 4 months ago |
| openSUSE-SU-2026:20297-1 Security update for rhino | | 0% Low | about 1 month ago |
| SUSE-SU-2025:4390-1 Security update for rhino | | 0% Low | 4 months ago |
| BDU:2026-01706 Vulnerability in the toFixed() function of the Rhino JavaScript runtime that allows an attacker to cause a denial of service | CVSS3: 5.3 | 0% Low | 4 months ago |