GHSA-x5gf-qvw8-r2rm

Опубликовано: 09 июн. 2025

Источник: github

Github: Прошло ревью

CVSS4: 2.1

CVSS3: 4.3

Описание

pm2 Regular Expression Denial of Service vulnerability

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.8. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

Пакеты

Наименование

pm2

npm

Затронутые версииВерсия исправления

<= 6.0.14

Отсутствует

EPSS

Процентиль: 23%

0.00075

Низкий

2.1 Low

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2025-5891

Дефекты

CWE-1333

CWE-400

Связанные уязвимости

CVE-2025-5891

CVSS3: 4.3

nvd

8 месяцев назад

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 23%

0.00075

Низкий

2.1 Low

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2025-5891

Дефекты

CWE-1333

CWE-400