Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cronvel string-kit naturalSort.js naturalSort redos
Vulnerability Description
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The name of the patch is 9cac4c298ee92c1695b0695951f1488884a7ca73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217180.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
CWE-1333
Vulnerability Title
String Kit 安全漏洞
Vulnerability Description
String Kit是Cedric Ronvel个人开发者的一个字符串操作工具箱。 String Kit 0.12.7版本及之前版本存在安全漏洞。攻击者利用该漏洞导致正则表达式复杂度低。
CVSS Information
N/A
Vulnerability Type
N/A