Описание
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.1 (исключая)Версия от 2.0.1 (включая) до 2.0.3 (исключая)
Одно из
cpe:2.3:a:mime_project:mime:*:*:*:*:*:node.js:*:*
cpe:2.3:a:mime_project:mime:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 62%
0.00433
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-400
CWE-400
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 7 лет назад
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
CVSS3: 5.3
redhat
больше 8 лет назад
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
CVSS3: 7.5
debian
больше 7 лет назад
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular express ...
CVSS3: 7.5
github
больше 7 лет назад
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
EPSS
Процентиль: 62%
0.00433
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-400
CWE-400