Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This software is used by Azure CLI.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
knack 安全漏洞
Vulnerability Description
knack是Microsoft开源的一个命令行界面框架。 knack 0.12.0版本存在安全漏洞,该漏洞源于knack.introspection模块中的正则表达式拒绝服务漏洞,可能导致CPU消耗过高。
CVSS Information
N/A
Vulnerability Type
N/A