CVE-2020-26306: Knwl.js Regular Expression Denial of Service vulnerability

October 26, 2024 (updated October 28, 2024)

Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

References

github.com/advisories/GHSA-68qg-g787-3rp5
github.com/benhmoore/Knwl
github.com/benhmoore/Knwl/commit/88aa966b1415a167c7c91b70053b72c7762c1cc0
github.com/benhmoore/Knwl/issues/106
nvd.nist.gov/vuln/detail/CVE-2020-26306
securitylab.github.com/advisories/GHSL-2020-296-redos-Knwl.js

Detect and mitigate CVE-2020-26306 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →