Vulnerability Information
Vulnerability Title
Rhino vulnerable to high CPU usage and potential DoS when passing specific numbers to toFixed() function
Vulnerability Description
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
CVSS Information
N/A
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
Mozilla Rhino Resource Management Error Vulnerability
Vulnerability Description
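Mozilla Rhino is an open-source JavaScript engine from Mozilla, a US company. Mozilla Rhino versions prior to 1.8.1, 1.7.15.1, and 1.7.14.1 contain a resource management error vulnerability. The vulnerability stems from improper handling of floating-point numbers by the toFixed function and may lead to denial-of-service attacks.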
CVSS Information
N/A
Vulnerability Type
N/A