CNNVD-202511-2922 Information

CNNVD ID

CNNVD-202511-2922

Related CVE

CVE-2025-66020

• CNNVD Published: 2025-11-26

Description (Chinese)

Valibot是Open Circle开源的一个用于结构化数据验证的库。 Valibot 0.31.0版本至1.1.0版本存在安全漏洞，该漏洞源于EMOJI_REGEX容易受到正则表达式拒绝服务攻击，可能导致应用程序拒绝服务。

Description (English)

Valibot is an Open Circle open source library for structured data validation. There is a security loophole in Valibot 0.31.0 to 1.1.0, which stems from the vulnerability of EMOJI REGEX to regular expressions of denial of service, which may lead to applications refusing services.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Open Circle

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/open-circle/valibot/security/advisories/GHSA-vqpr-j7v3-hqw9 https://github.com/open-circle/valibot/commit/cfb799db301a953a0950d5c05a34a3ab121262dc https://access.redhat.com/security/cve/cve-2025-66020

Patch

https://github.com/open-circle/valibot/releases