Skip to main content

String

2 CVEs product

Monthly

CVE-2026-14895 HIGH PATCH This Week

Regular-expression denial of service in the String::Util Perl module (versions before 1.36) lets remote unauthenticated attackers exhaust CPU by supplying a string with a long run of whitespace to the trim or rtrim functions. The vulnerable `s/\s*$//u` pattern backtracks quadratically over whitespace runs, so any application feeding untrusted input through these helpers is exposed. No public exploit code has been identified; EPSS is low (0.19%, 9th percentile) and the flaw is not on CISA KEV, indicating no observed active exploitation.

Denial Of Service String
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13939 HIGH This Week

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure String
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Regular-expression denial of service in the String::Util Perl module (versions before 1.36) lets remote unauthenticated attackers exhaust CPU by supplying a string with a long run of whitespace to the trim or rtrim functions. The vulnerable `s/\s*$//u` pattern backtracks quadratically over whitespace runs, so any application feeding untrusted input through these helpers is exposed. No public exploit code has been identified; EPSS is low (0.19%, 9th percentile) and the flaw is not on CISA KEV, indicating no observed active exploitation.

Denial Of Service String
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure String
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy