1byte-react-design (>=1.7.1 <=1.14.0), @agentscope-ai/chat (>=1.1.43 <=1.1.63-beta.1778041790294) +237 more potentially affected by unknown CVE via @antv/expr (=1.0.2)

@antv/expr NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/expr and may be impacted: - 1byte-react-design =1.7.1, =1.1.43, =1.0.1, =0.14.3, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =5.1.5, =0.1.6, =0.1.0, =0.1.0,...

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

Expr 安全漏洞

Expr is an expression language and expression evaluation for Go open-sourced by Expr. A security vulnerability exists in versions of Expr prior to 1.17.7, which stems from multiple built-in functions that do not enforce maximum recursion depth, potentially resulting in a stack overflow and proces...

CVE-2025-29786

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory OOM crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree AST, consuming excessive...