39 matches found
UBUNTU-CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
CVE-2025-54364
Summary (CVE-2025-54364) Microsoft Knack 0.12.0 contains a vulnerability in the knack.introspection module where option_descriptions uses an inefficient regex "\s(:param)\s+(.+?)\s:(.*)" that can backtrack catastrophically with crafted docstrings containing lots of whitespace, potentially causing...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
knack 安全漏洞
knack is an open source command line interface framework from Microsoft. A security vulnerability exists in knack version 0.12.0, which stems from a regular expression denial of service...
CVE-2025-54363
Microsoft Knack 0.12.0 is affected by a Regular Expression Denial of Service (ReDoS) in the knack.introspection module. The extract_full_summary_from_signature uses an inefficient pattern "\s(:param)\s+(.+?)\s:(.*)" that can catastrophically backtrack when processing crafted docstrings with lots ...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
PT-2025-33896 · Microsoft +1 · Knack +1
Name of the Vulnerable Software and Affected Versions: Microsoft Knack version 0.12.0 Description: The software is susceptible to a Regular expression Denial of Service ReDoS issue within the knack.introspection module. Recommendations: At the moment, there is no information about a newer version...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
PT-2025-33897 · Microsoft +1 · Knack +1
Name of the Vulnerable Software and Affected Versions: Microsoft Knack version 0.12.0 Description: The software contains a Regular expression Denial of Service ReDoS issue within the knack.introspection module. Recommendations: At the moment, there is no information about a newer version that...
knack 安全漏洞
knack is an open source command line interface framework from Microsoft. A security vulnerability exists in knack version 0.12.0, which stems from a regular expression denial of service vulnerability in the knack.introspection module that could lead to excessive CPU consumption...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
openSUSE Security Advisory (SUSE-SU-2024:1639-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:1639-2 Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict
This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack,...
SUSE-SU-2024:1639-1 Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict
This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack,...
SUSE SLES15: libprotobuf-lite20 / python2-cryptography / python2-psutil / etc (SUSE-SU-2023:2783-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. grpc: - Update in SLE-15 bsc1197726, bsc1144068 protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941,...