Описание
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.
Ссылки
- ExploitIssue TrackingPatch
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingPatch
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.8 (включая)
cpe:2.3:a:vuejs:vue_cli:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.0013
Низкий
4.3 Medium
CVSS3
7.5 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-400
CWE-1333
Связанные уязвимости
CVSS3: 4.3
github
8 месяцев назад
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability
EPSS
Процентиль: 33%
0.0013
Низкий
4.3 Medium
CVSS3
7.5 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-400
CWE-1333