Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Vulnerability Description
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., <100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application. This issue has been patched in version 1.2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
Valibot 安全漏洞
Vulnerability Description
Valibot是Open Circle开源的一个用于结构化数据验证的库。 Valibot 0.31.0版本至1.1.0版本存在安全漏洞,该漏洞源于EMOJI_REGEX容易受到正则表达式拒绝服务攻击,可能导致应用程序拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A