exploitDog

CVE-2025-54796

Опубликовано: 02 авг. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.

Ссылки

https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83
Patch
https://github.com/9001/copyparty/releases/tag/v1.18.9
Release Notes
https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6
Exploit
Vendor Advisory
https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:9001:copyparty:*:*:*:*:*:*:*:*

Версия до 1.18.9 (исключая)

EPSS

Процентиль: 19%

0.00061

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

Связанные уязвимости

GHSA-5662-2rj7-f2v6

CVSS3: 7.5

github

6 месяцев назад

copyparty allows Regex Denial of Service (ReDoS) in the upload listing

EPSS

Процентиль: 19%

0.00061

Низкий

7.5 High

CVSS3

Дефекты

CWE-400