CVE-2020-26306 HIGH

CVE-2020-26306: GHSL-2020-296: Regular Expression Denial of Service (ReDoS) in Knwl.js

Vendor Benhmoore
Product Knwl
Weakness CWE-1333
Published October 26, 2024
Last update October 28, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green

What the vulnerability does

01Description

Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

Key dates

02Disclosure timeline

October 26, 2024 CVE published
October 28, 2024 Record updated