Description
The Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.
Impact
The regex injection may lead to Denial of Service.
Patches
Will be patched in 2.4 and 3.0.
Workarounds
Versions lower than 2.x are only affected if the navigation module is added.
References
See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304
If you have any questions or comments about this advisory, please send us an email or create a topic here.
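An added example, not GraphHopper's code and not the change from the pull request: it shows how a request value concatenated into a Java regex changes what the pattern matches, beside hardened forms that treat the value as literal text or validate it first. The class, method names, path layout and sample values are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class RegexInjectionDemo {
    // Hypothetical path layout, used only for this illustration.
    private static final String BASE = "/navigate/";

    // Allow-list for the request value: short, and no regex metacharacters.
    private static final Pattern PROFILE = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    // Vulnerable shape: String.replaceFirst compiles its first argument as a
    // regex, so the request value becomes part of the pattern. Attacker-chosen
    // patterns can also force heavy backtracking in java.util.regex.
    static String stripPrefixUnsafe(String path, String profile) {
        return path.replaceFirst(BASE + profile + "/", "");
    }

    // Hardened: Pattern.quote makes the value match only as literal text.
    static String stripPrefixQuoted(String path, String profile) {
        return path.replaceFirst(Pattern.quote(BASE + profile + "/"), "");
    }

    // Hardened: no regex engine involved at all.
    static String stripPrefixLiteral(String path, String profile) {
        String prefix = BASE + profile + "/";
        return path.startsWith(prefix) ? path.substring(prefix.length()) : path;
    }

    // Reject the value before it reaches any pattern.
    static boolean isValidProfile(String profile) {
        return profile != null && PROFILE.matcher(profile).matches();
    }

    public static void main(String[] args) {
        String path = "/navigate/car/13.4,52.5;13.5,52.6"; // constructed sample
        String[] values = {"car", ".*"};                   // constructed samples
        for (String v : values) {
            System.out.println("value=" + v + " valid=" + isValidProfile(v));
            System.out.println("  unsafe : " + stripPrefixUnsafe(path, v));
            System.out.println("  quoted : " + stripPrefixQuoted(path, v));
            System.out.println("  literal: " + stripPrefixLiteral(path, v));
        }
    }
}
```

With the value `.*` the unsafe method strips the prefix as if the value had been `car`, which shows the input is being interpreted as a pattern; the quoted and literal methods leave the path unchanged and the allow-list rejects the value.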
Packages
com.graphhopper:graphhopper-nav
Affected versions: < 2.4
Patched version: 2.4
Related vulnerabilities
GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304