Skip to content

Commit 0a83e30

Browse files
committed
add: AVE-2026-0055
1 parent 3270269 commit 0a83e30

1 file changed

Lines changed: 20 additions & 27 deletions

File tree

vulns/2026/AVE-2026-0055.toml

Lines changed: 20 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1,35 +1,28 @@
1-
[id]
2-
ave_id = "AVE-2026-0055"
3-
cve_id = "CVE-2026-49477"
4-
aliases = ["GHSA-836r-79rf-4m37"]
5-
61
[basic]
7-
title = "soupsieve CSS选择器解析器正则表达式拒绝服务(ReDoS)漏洞"
8-
description = "soupsieve是Beautiful Soup 4使用的CSS选择器引擎,其css_parser.py中VALUE正则表达式存在灾难性回溯漏洞。当处理未闭合引号的属性选择器(如[a=\"xxx...)时,正则引擎进入指数级回溯,仅需300字节载荷即可导致CPU耗尽超过3秒,造成拒绝服务(ReDoS)。攻击者无需认证即可远程利用,影响所有接受用户CSS选择器输入的Python应用。"
9-
severity = "HIGH"
10-
score = 7.5
11-
cvss_v3 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
12-
remediation = "升级soupsieve至2.8.4及以上版本,该版本已修复正则表达式回溯问题。如无法升级,应避免将用户输入的CSS选择器直接传递给soupsieve.compile()或BeautifulSoup的.select()/.select_one()方法,并对用户输入进行严格的格式校验。"
13-
published = "2026-06-01"
14-
updated = "2026-07-09"
2+
description = ""
3+
published = ""
4+
remediation = "Refer to vendor advisory and upgrade to fixed version."
5+
score = 0.0
6+
severity = "UNKNOWN"
157
sources = ["ghsa"]
16-
17-
[affected]
18-
vendor = "facelessuser"
19-
product = "soupsieve"
20-
21-
[references]
22-
urls = [
23-
"https://github.com/facelessuser/soupsieve/security/advisories/GHSA-836r-79rf-4m37",
24-
"https://github.com/facelessuser/soupsieve",
25-
"https://nvd.nist.gov/vuln/detail/CVE-2026-49477"
26-
]
8+
title = "CVE-2026-49477"
9+
updated = ""
2710

2811
[exploit]
29-
poc_urls = ["https://github.com/facelessuser/soupsieve/security/advisories/GHSA-836r-79rf-4m37"]
3012
exp_urls = []
31-
nuclei_templates = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = [
17+
"CVE-2026-49477",
18+
"GHSA-836r-79rf-4m37",
19+
]
20+
ave_id = "AVE-2026-0055"
21+
cve_id = "CVE-2026-49477"
3222

3323
[meta]
24+
collected_at = "2026-07-11T00:17:05.410242660+00:00"
3425
status = "completed"
35-
collected_at = "2026-07-11T10:00:00+08:00"
26+
27+
[references]
28+
urls = []

0 commit comments

Comments
 (0)