漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
connorskees grass visitor denial of service
Vulnerability Description
A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The project maintainer explains: "DoS vulnerabilities are generally fine in Sass compilers -- they are trivially possible with recursive functions, infinite loops, nested mixins, etc. The description here is wrong. Compile time is not expected to be linear relative to the input, and the @extend algorithm is definitionally exponential."
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不恰当的资源关闭或释放
Vulnerability Title
Connor Skees grass 资源管理错误漏洞
Vulnerability Description
Connor Skees grass是Connor Skees个人开发者的一个使用Rust编写的Sass编译器。 Connor Skees grass 0.13.4及之前版本存在资源管理错误漏洞,该漏洞源于在函数grass_compiler::selector::extend/grass_compiler::evaluate::visitor中的操作,可能导致拒绝服务。攻击者需要本地访问来利用此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A