Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
Vulnerability Description
PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the RegexCriterion class. This class compiles and evaluates an unvalidated, user-supplied regular expression against the identifier of an Identifiable object via Pattern.compile(regex).matcher(id).find(). If successfully exploited, a malicious actor can cause significant CPU exhaustion through repeated or recursive filter(...) calls — especially if performed over large network models or filtering operations. This issue has been patched in com.powsybl:powsybl-iidm-criteria 6.7.2.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
PowSyBl Core 安全漏洞
Vulnerability Description
PowSyBl Core是PowSyBl开源的一个面向电力系统的软件构建框架。 PowSyBl Core 6.3.0至6.7.2之前版本和com.powsybl:powsybl-contingency-api 5.0.0至6.3.0之前版本存在安全漏洞,该漏洞源于RegexCriterion类存在正则表达式拒绝服务漏洞,可能导致CPU消耗过高。
CVSS Information
N/A
Vulnerability Type
N/A