Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
Metrics
Affected Vendors & Products
References
History
Mon, 28 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Benhmoore
Benhmoore knwl |
|
CPEs | cpe:2.3:a:benhmoore:knwl:*:*:*:*:*:*:*:* | |
Vendors & Products |
Benhmoore
Benhmoore knwl |
|
Metrics |
ssvc
|
Sat, 26 Oct 2024 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | |
Title | GHSL-2020-296: Regular Expression Denial of Service (ReDoS) in Knwl.js | |
Weaknesses | CWE-1333 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-10-26T20:26:19.170Z
Updated: 2024-10-28T14:50:27.620Z
Reserved: 2020-10-01T00:00:00.000Z
Link: CVE-2020-26306
Vulnrichment
Updated: 2024-10-28T14:50:21.989Z
NVD
Status : Awaiting Analysis
Published: 2024-10-26T21:15:13.883
Modified: 2024-10-28T13:58:09.230
Link: CVE-2020-26306
Redhat
No data.