Описание
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages.
EPSS
Процентиль: 66%
0.00503
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-400
Связанные уязвимости
CVSS3: 5.3
github
около 1 года назад
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages.
EPSS
Процентиль: 66%
0.00503
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-400