CNNVD-202601-3901 Information
CNNVD ID
CNNVD-202601-3901
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
jsdiff是Kevin Decker个人开发者的一个文本比较库。 jsdiff 8.0.3之前版本、5.2.2之前版本、4.0.4之前版本和3.5.1之前版本存在安全漏洞,该漏洞源于解析包含特定换行符的补丁文件时处理不当,可能导致无限循环和拒绝服务。
Description (English)
jsdiff is a text comparison library for Kevin Decker personal developers. jsdiff, before 8.0.3, before 5.2.2, before 4.0.4 and before 3.5.1, has a security loophole, which stems from the mishandling of patches containing specific line breaks, which may lead to unlimited circulation and denial of services.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-22
Last Modified
2026-02-24
References
https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5 https://github.com/kpdecker/jsdiff/issues/653 https://github.com/kpdecker/jsdiff/pull/649
Patch
https://github.com/kpdecker/jsdiff/tags
Share on: