Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mechanize vulnerable to ReDoS
Vulnerability Description
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
Mechanize 安全漏洞
Vulnerability Description
Mechanize是Sparkle Motion开源的一个 ruby 库。用于自动与网站交互。 Mechanize 0.4.6之前版本存在安全漏洞,该漏洞源于易受正则表达式拒绝服务(ReDoS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A