File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [id ]
2+ ave_id = " AVE-2026-0055"
3+ cve_id = " CVE-2026-49477"
4+ aliases = [" GHSA-836r-79rf-4m37" ]
5+
6+ [basic ]
7+ title = " soupsieve CSS选择器解析器正则表达式拒绝服务(ReDoS)漏洞"
8+ description = " soupsieve是Beautiful Soup 4使用的CSS选择器引擎,其css_parser.py中VALUE正则表达式存在灾难性回溯漏洞。当处理未闭合引号的属性选择器(如[a=\" xxx...)时,正则引擎进入指数级回溯,仅需300字节载荷即可导致CPU耗尽超过3秒,造成拒绝服务(ReDoS)。攻击者无需认证即可远程利用,影响所有接受用户CSS选择器输入的Python应用。"
9+ severity = " HIGH"
10+ score = 7.5
11+ cvss_v3 = " CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
12+ remediation = " 升级soupsieve至2.8.4及以上版本,该版本已修复正则表达式回溯问题。如无法升级,应避免将用户输入的CSS选择器直接传递给soupsieve.compile()或BeautifulSoup的.select()/.select_one()方法,并对用户输入进行严格的格式校验。"
13+ published = " 2026-06-01"
14+ updated = " 2026-07-09"
15+ sources = [" ghsa" ]
16+
17+ [affected ]
18+ vendor = " facelessuser"
19+ product = " soupsieve"
20+
21+ [references ]
22+ urls = [
23+ " https://github.com/facelessuser/soupsieve/security/advisories/GHSA-836r-79rf-4m37" ,
24+ " https://github.com/facelessuser/soupsieve" ,
25+ " https://nvd.nist.gov/vuln/detail/CVE-2026-49477"
26+ ]
27+
28+ [exploit ]
29+ poc_urls = [" https://github.com/facelessuser/soupsieve/security/advisories/GHSA-836r-79rf-4m37" ]
30+ exp_urls = []
31+ nuclei_templates = []
32+
33+ [meta ]
34+ status = " completed"
35+ collected_at = " 2026-07-11T10:00:00+08:00"
You can’t perform that action at this time.
0 commit comments