Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal
Vulnerability Description
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the selector lexer matchRegexPattern closure in (*Tokenizer).parseCurRune in selector/lexer/tokenize.go loops while tokenizing an unterminated regex literal such as r/ because peekRuneEqual returns false after the end of input, allowing attacker-controlled selector strings to consume CPU indefinitely. This issue is fixed in version 3.10.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
tomwright dasel 资源管理错误漏洞
Vulnerability Description
tomwright dasel是tomwright个人开发者开源的一个命令行数据查询与转换工具。 tomwright dasel 3.0.0版本至3.10.1之前版本存在资源管理错误漏洞,该漏洞源于selector lexer中matchRegexPattern闭包在解析未终止的正则表达式时循环,导致攻击者控制的字符串消耗CPU资源,造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A