CNNVD-202506-2785 Information
CNNVD ID
CNNVD-202506-2785
Related CVE
- CNNVD Published: 2025-06-20
Description (Chinese)
PowSyBl Core是PowSyBl开源的一个面向电力系统的软件构建框架。 PowSyBl Core 6.3.0至6.7.2之前版本和com.powsybl:powsybl-contingency-api 5.0.0至6.3.0之前版本存在安全漏洞,该漏洞源于RegexCriterion类存在正则表达式拒绝服务漏洞,可能导致CPU消耗过高。
Description (English)
PowSyBl Core is a software construction framework for power systems that is open to PowSyBl. Prior to PowSyBl Core 6.3.0 to 6.7.2, and before com.powersybl:powersybl-contingency-api 5.0.0 to 6.3.0, there was a security loophole, which originated from the regular expression denial service gap of the RegexCriterion category, which could lead to overconsumption of CPU.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
PowSyBl
Published
2025-06-20
Last Modified
2026-02-24
References
https://github.com/powsybl/powsybl-core/commit/d8398f689a5ccd505bd62eee2bd6670a29133110 https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2 https://github.com/powsybl/powsybl-core/security/advisories/GHSA-8qjw-9xgm-c9ff
Patch
https://github.com/powsybl/powsybl-core/releases
Share on: