Описание
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | nodjs-forwarded | Not affected | ||
| Red Hat OpenShift Enterprise 3 | nodejs-forwarded | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1588785nodejs-forwarded: regular expression denial of service when parsing crafted user input
EPSS
Процентиль: 69%
0.006
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
CVSS3: 7.5
github
больше 7 лет назад
Regular Expression Denial of Service in forwarded
EPSS
Процентиль: 69%
0.006
Низкий
7.5 High
CVSS3