Vulnerability Information
Vulnerability Title
Inefficient Regular Expression Complexity in rails-html-sanitizer
Vulnerability Description
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
Rails Security Vulnerability
Vulnerability Description
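Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Versions of Rails rails-html-sanitizer prior to 1.4.4 contain a security vulnerability that stems from the use of an inefficient regular expression, which is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.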
CVSS Information
N/A
Vulnerability Type
N/A