CVE-2020-26306

Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no known patches are...

Regular Expression Denial Of Service (ReDoS)

Knwl.js is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to the presence of inefficient regular expressions, which allow attackers to craft input that causes excessive backtracking, leading to high CPU usage and potential service disruption...

asksuite-core (>=1.0.93 <=2.32.81), machinepack-knwl (=1.0.0) potentially affected by CVE-2020-26306 via knwl.js (=1.0.2)

knwl.js NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on knwl.js and may be impacted: - asksuite-core =1.0.93, =2.32.81 - machinepack-knwl =1.0.0 Source cves: CVE-2020-26306 Source advisory: OSV:GHSA-68QG-G787-3RP5...

Knwl.js 安全漏洞

Knwl.js is a Javascript library from the individual developer Ben Moore that parses dates, times, phone numbers, emails, locations, etc. from text. A security vulnerability exists in Knwl.js version 1.0.2 and earlier versions, which stems from the presence of a regular expression denial of servic...