15 matches found
EUVD-2025-25267
Malicious code in bioql PyPI...
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module
Withdrawn Advisory This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module
Withdrawn Advisory This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
PT-2025-33896 · Microsoft +1 · Knack +1
Name of the Vulnerable Software and Affected Versions: Microsoft Knack version 0.12.0 Description: The software is susceptible to a Regular expression Denial of Service ReDoS issue within the knack.introspection module. Recommendations: At the moment, there is no information about a newer version...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
PT-2025-33897 · Microsoft +1 · Knack +1
Name of the Vulnerable Software and Affected Versions: Microsoft Knack version 0.12.0 Description: The software contains a Regular expression Denial of Service ReDoS issue within the knack.introspection module. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-54363
Microsoft Knack 0.12.0 is affected by a Regular Expression Denial of Service (ReDoS) in the knack.introspection module. The extract_full_summary_from_signature uses an inefficient pattern "\s(:param)\s+(.+?)\s:(.*)" that can catastrophically backtrack when processing crafted docstrings with lots ...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...