cel-rust May Panic During Parsing of Invalid CEL Expressions

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

输入验证不恰当

Common Expression Language 输入验证错误漏洞

Common Expression Language是cel-rust开源的一个用Rust编写的通用表达式语言解释器。 Common Expression Language 0.10.0版本至0.11.4之前版本存在输入验证错误漏洞，该漏洞源于解析特定格式错误的CEL表达式可能导致解析器崩溃，可能导致拒绝服务攻击。

N/A

N/A