Описание
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.7 (исключая)
cpe:2.3:a:path-parse_project:path-parse:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 65%
0.00506
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
redhat
около 4 лет назад
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
CVSS3: 5.3
github
почти 4 года назад
Regular Expression Denial of Service in path-parse
EPSS
Процентиль: 65%
0.00506
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo