CNNVD-202510-1393 Information
CNNVD ID
CNNVD-202510-1393
Related CVE
- CNNVD Published: 2025-10-10
Description (Chinese)
Common Expression Language是cel-rust开源的一个用Rust编写的通用表达式语言解释器。 Common Expression Language 0.10.0版本至0.11.4之前版本存在输入验证错误漏洞,该漏洞源于解析特定格式错误的CEL表达式可能导致解析器崩溃,可能导致拒绝服务攻击。
Description (English)
Common Express Language is a common expression interpreter, written by Rust, from the cel-rust open source. There is an input error loophole in the previous versions of Common Expressing Range 0.10.0 to 0.11.4, which stems from the CEL expression that resolves a given format error that could lead to a breakdown of the resolver and possibly a denial of service attack.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
cel-rust
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/cel-rust/cel-rust/releases/tag/cel-v0.11.4 https://github.com/cel-rust/cel-rust/security/advisories/GHSA-wxwx-9fh7-5mrw
Patch
https://github.com/cel-rust/cel-rust/releases
Share on: