CVE-2021-29506

Опубликовано: 13 мая 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304

Ссылки

https://github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41
Patch
Third Party Advisory
https://github.com/graphhopper/graphhopper/pull/2304
Patch
Third Party Advisory
https://github.com/graphhopper/graphhopper/security/advisories/GHSA-hf44-3mx6-vhhw
Third Party Advisory
https://github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41
Patch
Third Party Advisory
https://github.com/graphhopper/graphhopper/pull/2304
Patch
Third Party Advisory
https://github.com/graphhopper/graphhopper/security/advisories/GHSA-hf44-3mx6-vhhw
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:graphhopper:graphhopper:*:*:*:*:*:*:*:*

Версия от 2.0 (включая) до 2.4 (исключая)

EPSS

Процентиль: 59%

0.00376

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-hf44-3mx6-vhhw