Skip to content

Commit e0deb85

Browse files
committed
add: AVE-2026-0054
1 parent b3a3fa5 commit e0deb85

1 file changed

Lines changed: 20 additions & 26 deletions

File tree

vulns/2026/AVE-2026-0054.toml

Lines changed: 20 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1,34 +1,28 @@
1-
[id]
2-
ave_id = "AVE-2026-0054"
3-
cve_id = "CVE-2026-49476"
4-
aliases = ["GHSA-2wc2-fm75-p42x"]
5-
61
[basic]
7-
title = "Soup Sieve CSS 选择器解析器内存耗尽漏洞"
8-
description = "soupsieve(Beautiful Soup 4 的 CSS 选择器引擎)中的 CSS 选择器解析器在编译大型逗号分隔选择器列表时分配无界内存。攻击者可向 soupsieve.compile() 或 Beautiful Soup 的 .select()/.select_one() 提供特制的 CSS 选择器字符串,导致应用程序从约 500 KB 的输入分配约 244 MB 的堆内存(放大比约 488 倍),从而引发内存耗尽和拒绝服务。无需认证或用户交互即可发起攻击,并发请求会倍增影响。soupsieve 是 beautifulsoup4 的自动依赖项,下游影响广泛。"
9-
severity = "HIGH"
10-
score = 7.5
11-
cvss_v3 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
12-
remediation = "升级 soupsieve 至 2.8.4 或更高版本。临时缓解措施:避免将用户输入的 CSS 选择器直接传递给 soupsieve.compile() 或 Beautiful Soup 的 .select()/.select_one() 方法,并对选择器字符串长度和逗号分隔项数量实施严格限制。"
13-
published = "2026-06-01"
14-
updated = "2026-07-09"
15-
sources = ["ghsa", "nvd"]
16-
17-
[affected]
18-
vendor = "facelessuser"
19-
product = "soupsieve"
2+
description = ""
3+
published = ""
4+
remediation = "Refer to vendor advisory and upgrade to fixed version."
5+
score = 0.0
6+
severity = "UNKNOWN"
7+
sources = ["ghsa"]
8+
title = "CVE-2026-49476"
9+
updated = ""
2010

2111
[exploit]
22-
poc_urls = ["https://github.com/advisories/GHSA-2wc2-fm75-p42x"]
2312
exp_urls = []
13+
poc_urls = []
2414

25-
[exploit.nuclei_templates]
26-
27-
[references]
28-
nvd = "https://nvd.nist.gov/vuln/detail/CVE-2026-49476"
29-
ghsa = "https://github.com/advisories/GHSA-2wc2-fm75-p42x"
30-
other = ["https://github.com/facelessuser/soupsieve", "https://pypi.org/project/soupsieve/"]
15+
[id]
16+
aliases = [
17+
"CVE-2026-49476",
18+
"GHSA-2wc2-fm75-p42x",
19+
]
20+
ave_id = "AVE-2026-0054"
21+
cve_id = "CVE-2026-49476"
3122

3223
[meta]
33-
collected_at = "2026-07-11T12:00:00+00:00"
24+
collected_at = "2026-07-11T00:15:31.567719138+00:00"
3425
status = "completed"
26+
27+
[references]
28+
urls = []

0 commit comments

Comments
 (0)