Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-13863

Опубликовано: 27 фев. 2018
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Mobile Application Platform 4nodejs-bsonWill not fix
Red Hat Software Collectionsrh-nodejs6-nodejs-bsonWill not fix
Red Hat Software Collectionsrh-nodejs8-nodejs-bsonFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-185->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1550772nodejs-bson: Regular expression denial of service in decimal128.js

EPSS

Процентиль: 59%
0.00387
Низкий

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-13863

CVSS3: 7.5
ubuntu
больше 7 лет назад

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.

nvd логотип

CVE-2018-13863

CVSS3: 7.5
nvd
больше 7 лет назад

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.

debian логотип

CVE-2018-13863

CVSS3: 7.5
debian
больше 7 лет назад

The MongoDB bson JavaScript module (also known as js-bson) versions 0. ...

github логотип

GHSA-8462-q7x7-g2x4

CVSS3: 7.5
github
больше 7 лет назад

js-bson vulnerable to REDoS

EPSS

Процентиль: 59%
0.00387
Низкий

3.7 Low

CVSS3