Описание
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.
Ссылки
- Vendor Advisory
- PatchThird Party Advisory
- Vendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.5 (исключая)
cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00488
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-1333
Связанные уязвимости
CVSS3: 6.5
debian
больше 6 лет назад
The Markdown parser in Zulip server before 2.0.5 used a regular expres ...
CVSS3: 6.5
github
больше 3 лет назад
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.
EPSS
Процентиль: 65%
0.00488
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-1333