exploitDog

CVE-2023-33289

Опубликовано: 21 июн. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."

Ссылки

https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611
Exploit
Third Party Advisory
https://github.com/progscrape/urlnorm
Product
https://lib.rs/crates/urlnorm
Product
https://news.ycombinator.com/item?id=40435263
https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611
Exploit
Third Party Advisory
https://github.com/progscrape/urlnorm
Product
https://lib.rs/crates/urlnorm
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:urlnorm_project:urlnorm:*:*:*:*:*:rust:*:*

Версия до 0.1.4 (включая)

EPSS

Процентиль: 54%

0.0031

Низкий

7.5 High

CVSS3

Дефекты

CWE-1333

CWE-1333

Связанные уязвимости

GHSA-fqhp-rhm6-8rrj

CVSS3: 7.5

github

больше 2 лет назад

Withdrawn Advisory: urlnorm vulnerable to Regular Expression Denial of Service

EPSS

Процентиль: 54%

0.0031

Низкий

7.5 High

CVSS3

Дефекты

CWE-1333

CWE-1333