Описание
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...
Regular Expression Denial of Service in hosted-git-info
Уязвимость функции fromUrl программного обеспечения hosted-git-info, связанная с неправильным регулярным выражением, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3
5 Medium
CVSS2