Key information

Vulnerability details
CVE: CVE-2021-3820
Type: Inefficient Regular Expression Complexity (CWE-1333)
Severity: Medium (5.3)
Affected versions:
Status: Fixed

Description
The package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted as input to the function may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex.

Impact
This vulnerability is capable of exhausting system resources and leads to crashes.

Proof of concept (PoC)
Steps: Put the provided code in a file and run with .
Output: Shows the classify time increasing with payload size.

Fix
Fixed by: ready-research
Fixed: 4 years ago