Skip to content

Commit 2b861ea

Browse files
committed
add: AVE-2018-0028
1 parent f788dd3 commit 2b861ea

1 file changed

Lines changed: 35 additions & 0 deletions

File tree

vulns/2026/AVE-2026-0055.toml

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
[id]
2+
ave_id = "AVE-2026-0055"
3+
cve_id = "CVE-2026-49477"
4+
aliases = ["GHSA-836r-79rf-4m37"]
5+
6+
[basic]
7+
title = "soupsieve CSS选择器解析器正则表达式拒绝服务(ReDoS)漏洞"
8+
description = "soupsieve是Beautiful Soup 4使用的CSS选择器引擎,其css_parser.py中VALUE正则表达式存在灾难性回溯漏洞。当处理未闭合引号的属性选择器(如[a=\"xxx...)时,正则引擎进入指数级回溯,仅需300字节载荷即可导致CPU耗尽超过3秒,造成拒绝服务(ReDoS)。攻击者无需认证即可远程利用,影响所有接受用户CSS选择器输入的Python应用。"
9+
severity = "HIGH"
10+
score = 7.5
11+
cvss_v3 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
12+
remediation = "升级soupsieve至2.8.4及以上版本,该版本已修复正则表达式回溯问题。如无法升级,应避免将用户输入的CSS选择器直接传递给soupsieve.compile()或BeautifulSoup的.select()/.select_one()方法,并对用户输入进行严格的格式校验。"
13+
published = "2026-06-01"
14+
updated = "2026-07-09"
15+
sources = ["ghsa"]
16+
17+
[affected]
18+
vendor = "facelessuser"
19+
product = "soupsieve"
20+
21+
[references]
22+
urls = [
23+
"https://github.com/facelessuser/soupsieve/security/advisories/GHSA-836r-79rf-4m37",
24+
"https://github.com/facelessuser/soupsieve",
25+
"https://nvd.nist.gov/vuln/detail/CVE-2026-49477"
26+
]
27+
28+
[exploit]
29+
poc_urls = ["https://github.com/facelessuser/soupsieve/security/advisories/GHSA-836r-79rf-4m37"]
30+
exp_urls = []
31+
nuclei_templates = []
32+
33+
[meta]
34+
status = "completed"
35+
collected_at = "2026-07-11T10:00:00+08:00"

0 commit comments

Comments
 (0)