CNNVD-202508-2530 Information

CNNVD ID

CNNVD-202508-2530

CVE-2025-54363

  • CNNVD Published: 2025-08-20

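Description (translated from Chinese)

knack is an open-source command-line interface framework from Microsoft. knack version 0.12.0 contains a security vulnerability that stems from a regular expression denial-of-service flaw in the knack.introspection module and may lead to excessive CPU consumption.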

Description (English)

knack is an open-source command-line interface framework from Microsoft. Version 0.12.0 of knack has a security vulnerability: a regular expression denial-of-service (ReDoS) issue in the knack.introspection module, which may lead to excessive CPU consumption.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Microsoft

Published

2025-08-20

Last Modified

2026-02-24

References

  • https://www.vulncheck.com/advisories/microsoft-knack-python-package-regular-expression-dos
  • https://github.com/microsoft/knack/issues/281
  • https://access.redhat.com/security/cve/cve-2025-54363
  • https://nvd.nist.gov/vuln/detail/CVE-2025-54363
