CVE-2025-5896
BaseFortify
Publication date: 2025-06-09
Last updated on: 2025-07-10
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| taro | taro | to 4.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in tarojs taro up to version 4.1.1 involves inefficient regular expression complexity in the file taro/packages/css-to-react-native/src/index.js. This can be exploited remotely to cause performance issues or denial of service by making the regular expression processing inefficient. Upgrading to version 4.1.2 fixes this issue.
How can this vulnerability impact me? :
The vulnerability can lead to inefficient processing due to complex regular expressions, which may cause performance degradation or denial of service in applications using the affected tarojs taro versions. This can disrupt service availability.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade the tarojs taro component to version 4.1.2, which addresses the issue.