CVE-2024-25885

Опубликовано: 08 окт. 2024

Источник: debian

EPSS Низкий

Описание

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xhtml2pdf	fixed	0.2.16+dfsg-1		package
xhtml2pdf	ignored		bookworm	package
xhtml2pdf	postponed		bullseye	package

Примечания

https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
https://github.com/xhtml2pdf/xhtml2pdf/issues/783
https://github.com/xhtml2pdf/xhtml2pdf/pull/784
https://github.com/xhtml2pdf/xhtml2pdf/commit/1346cb39a06307f256c921938b887b525009a996

EPSS

Процентиль: 30%

0.00114

Низкий

Связанные уязвимости

CVE-2024-25885

CVSS3: 7.5

ubuntu

больше 1 года назад

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.

CVE-2024-25885

CVSS3: 4.3

redhat

больше 1 года назад

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.

CVE-2024-25885

CVSS3: 7.5

nvd

больше 1 года назад

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.

GHSA-jj5c-hhrg-vv5h

CVSS3: 5.3

github

больше 1 года назад

xhtml2pdf Denial of Service via crafted string

EPSS

Процентиль: 30%

0.00114

Низкий