Описание
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.1.2 (исключая)
cpe:2.3:a:forwarded_project:forwarded:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 69%
0.006
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-400
CWE-400
Связанные уязвимости
CVSS3: 7.5
redhat
больше 7 лет назад
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
CVSS3: 7.5
github
больше 7 лет назад
Regular Expression Denial of Service in forwarded
EPSS
Процентиль: 69%
0.006
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-400
CWE-400