Количество 2
Количество 2
CVE-2025-66020
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., <100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application. This issue has been patched in version 1.2.0.
GHSA-vqpr-j7v3-hqw9
Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-66020 Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., <100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application. This issue has been patched in version 1.2.0. | CVSS3: 7.5 | 0% Низкий | 2 месяца назад |
| GHSA-vqpr-j7v3-hqw9 Valibot has a ReDoS vulnerability in `EMOJI_REGEX` | CVSS3: 7.5 | 0% Низкий | 2 месяца назад |
Уязвимостей на страницу