Описание
Regular expression denial of service in Delight Nashorn Sandbox
An issue was discovered in Delight Nashorn Sandbox. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-40660
- https://github.com/javadelight/delight-nashorn-sandbox/issues/117
- https://github.com/javadelight/delight-nashorn-sandbox/issues/117#issuecomment-1564983722
- https://github.com/javadelight/delight-nashorn-sandbox/pull/139
- https://github.com/javadelight/delight-nashorn-sandbox/commit/b899b8ecad46090fdc042ac7683e1164114a69de
- https://github.com/javadelight/delight-nashorn-sandbox/releases/tag/0.3.1
Пакеты
Наименование
org.javadelight:delight-nashorn-sandbox
maven
Затронутые версииВерсия исправления
< 0.3.1
0.3.1
Связанные уязвимости
CVSS3: 7.5
nvd
больше 3 лет назад
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack.