CVE-2021-27293

Опубликовано: 12 июл. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

Ссылки

https://github.com/restsharp/RestSharp/issues/1556
Exploit
Patch
Third Party Advisory
https://restsharp.dev/
Product
https://github.com/restsharp/RestSharp/issues/1556
Exploit
Patch
Third Party Advisory
https://restsharp.dev/
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*

Версия до 106.11.7 (включая)

cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10:*:*:*:*:*:*

cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11:*:*:*:*:*:*

cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12:*:*:*:*:*:*

cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2:*:*:*:*:*:*

cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3:*:*:*:*:*:*

cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4:*:*:*:*:*:*

cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6:*:*:*:*:*:*

cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00502

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-697

Связанные уязвимости

GHSA-9pq7-rcxv-47vq