16 matches found
EUVD-2025-25267
Malicious code in bioql PyPI...
EUVD-2025-25266
Malicious code in bioql PyPI...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
GHSA-XH9H-692F-MMG4 Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module
Withdrawn Advisory This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module
Withdrawn Advisory This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module
Withdrawn Advisory This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...
GHSA-6FXP-P9MG-Q64W Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module
Withdrawn Advisory This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
knack 安全漏洞
knack is an open source command line interface framework from Microsoft. A security vulnerability exists in knack version 0.12.0, which stems from a regular expression denial of service vulnerability in the knack.introspection module that could lead to excessive CPU consumption...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54364
Summary (CVE-2025-54364) Microsoft Knack 0.12.0 contains a vulnerability in the knack.introspection module where option_descriptions uses an inefficient regex "\s(:param)\s+(.+?)\s:(.*)" that can backtrack catastrophically with crafted docstrings containing lots of whitespace, potentially causing...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...