Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
History

Mon, 28 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Benhmoore
Benhmoore knwl
CPEs cpe:2.3:a:benhmoore:knwl:*:*:*:*:*:*:*:*
Vendors & Products Benhmoore
Benhmoore knwl
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 26 Oct 2024 20:45:00 +0000

Type Values Removed Values Added
Description Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
Title GHSL-2020-296: Regular Expression Denial of Service (ReDoS) in Knwl.js
Weaknesses CWE-1333
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-10-26T20:26:19.170Z

Updated: 2024-10-28T14:50:27.620Z

Reserved: 2020-10-01T00:00:00.000Z

Link: CVE-2020-26306

cve-icon Vulnrichment

Updated: 2024-10-28T14:50:21.989Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-26T21:15:13.883

Modified: 2024-10-28T13:58:09.230

Link: CVE-2020-26306

cve-icon Redhat

No data.