CNNVD-202508-2272 Information

CNNVD ID

CNNVD-202508-2272

Related CVE

CVE-2025-54364

• CNNVD Published: 2025-08-20

Description (Chinese)

knack是Microsoft开源的一个命令行界面框架。 knack 0.12.0版本存在安全漏洞，该漏洞源于正则表达式拒绝服务。

Description (English)

knack is a command line interface framework for Microsoft Open Source. There is a security loophole in version knack 0.12.0, which stems from a regular expression of denial of service.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

微软

Published

2025-08-20

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/microsoft-knack-python-package-regular-expression-dos https://github.com/microsoft/knack https://access.redhat.com/security/cve/cve-2025-54364 https://nvd.nist.gov/vuln/detail/CVE-2025-54364