Описание
Withdrawn Advisory: urlnorm vulnerable to Regular Expression Denial of Service
Withdrawn Advisory
This advisory has been withdrawn because the security impact of the slow printing of URLs has been disputed. This link is maintained to preserve external references.
Original Description
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.
Пакеты
Наименование
urlnorm
rust
Затронутые версииВерсия исправления
<= 0.1.4
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
больше 2 лет назад
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."