File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1- [id ]
2- ave_id = " AVE-2026-0054"
3- cve_id = " CVE-2026-49476"
4- aliases = [" GHSA-2wc2-fm75-p42x" ]
5-
61[basic ]
7- title = " Soup Sieve CSS 选择器解析器内存耗尽漏洞"
8- description = " soupsieve(Beautiful Soup 4 的 CSS 选择器引擎)中的 CSS 选择器解析器在编译大型逗号分隔选择器列表时分配无界内存。攻击者可向 soupsieve.compile() 或 Beautiful Soup 的 .select()/.select_one() 提供特制的 CSS 选择器字符串,导致应用程序从约 500 KB 的输入分配约 244 MB 的堆内存(放大比约 488 倍),从而引发内存耗尽和拒绝服务。无需认证或用户交互即可发起攻击,并发请求会倍增影响。soupsieve 是 beautifulsoup4 的自动依赖项,下游影响广泛。"
9- severity = " HIGH"
10- score = 7.5
11- cvss_v3 = " CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
12- remediation = " 升级 soupsieve 至 2.8.4 或更高版本。临时缓解措施:避免将用户输入的 CSS 选择器直接传递给 soupsieve.compile() 或 Beautiful Soup 的 .select()/.select_one() 方法,并对选择器字符串长度和逗号分隔项数量实施严格限制。"
13- published = " 2026-06-01"
14- updated = " 2026-07-09"
15- sources = [" ghsa" , " nvd" ]
16-
17- [affected ]
18- vendor = " facelessuser"
19- product = " soupsieve"
2+ description = " "
3+ published = " "
4+ remediation = " Refer to vendor advisory and upgrade to fixed version."
5+ score = 0.0
6+ severity = " UNKNOWN"
7+ sources = [" ghsa" ]
8+ title = " CVE-2026-49476"
9+ updated = " "
2010
2111[exploit ]
22- poc_urls = [" https://github.com/advisories/GHSA-2wc2-fm75-p42x" ]
2312exp_urls = []
13+ poc_urls = []
2414
25- [exploit .nuclei_templates ]
26-
27- [references ]
28- nvd = " https://nvd.nist.gov/vuln/detail/CVE-2026-49476"
29- ghsa = " https://github.com/advisories/GHSA-2wc2-fm75-p42x"
30- other = [" https://github.com/facelessuser/soupsieve" , " https://pypi.org/project/soupsieve/" ]
15+ [id ]
16+ aliases = [
17+ " CVE-2026-49476" ,
18+ " GHSA-2wc2-fm75-p42x" ,
19+ ]
20+ ave_id = " AVE-2026-0054"
21+ cve_id = " CVE-2026-49476"
3122
3223[meta ]
33- collected_at = " 2026-07-11T12:00:00 +00:00"
24+ collected_at = " 2026-07-11T00:15:31.567719138 +00:00"
3425status = " completed"
26+
27+ [references ]
28+ urls = []
You can’t perform that action at this time.
0 commit comments