Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This software is used by Azure CLI.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
knack 安全漏洞
Vulnerability Description
knack是Microsoft开源的一个命令行界面框架。 knack 0.12.0版本存在安全漏洞,该漏洞源于正则表达式拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A