exploitDog

GHSA-3rw8-4xrq-3f7p

Опубликовано: 17 мар. 2025

Источник: github

Github: Прошло ревью

CVSS4: 6.9

CVSS3: 6

Описание

Duplicate Advisory: Uptime Kuma ReDoS vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-hx7h-9vf7-5xhg. This link is maintained to preserve external references.

Original Description

Uptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack.

Ссылки

Пакеты

Наименование

uptime-kuma

npm

Затронутые версииВерсия исправления

>= 1.23.0, <= 2.0.0-dev.0

Отсутствует

6.9 Medium

CVSS4

6 Medium

CVSS3

Дефекты

CWE-1333

6.9 Medium

CVSS4

6 Medium

CVSS3

Дефекты

CWE-1333