漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Denial of Service (DoS) in SAPUI5 framework (Markdown-it component)
Vulnerability Description
SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system unresponsiveness due to a blocked processing thread. This vulnerability has no impact on confidentiality or integrity but has a high impact on system availability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不对称的资源消耗(放大攻击)
Vulnerability Title
SAP SAPUI5 安全漏洞
Vulnerability Description
SAP SAPUI5是德国思爱普(SAP)公司的一款JavaScript应用程序框架。 SAP SAPUI5存在安全漏洞,该漏洞源于使用过时的第三方库导致无限循环,可能造成拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A