Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-36649

Опубликовано: 11 янв. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

A vulnerability was found in PapaParse. The affected function is present in the papaparse.js file. The manipulation leads to an inefficient regular expression complexity.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 2.1servicemesh-grafanaNot affected
Red Hat Enterprise Linux 8grafanaNot affected
Red Hat Enterprise Linux 9grafanaNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1333
https://bugzilla.redhat.com/show_bug.cgi?id=2160359papaparse: RegExp used to detect numbers is vulnerable to ReDoS

EPSS

Процентиль: 53%
0.00304
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-36649

CVSS3: 3.5
ubuntu
около 3 лет назад

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

nvd логотип

CVE-2020-36649

CVSS3: 3.5
nvd
около 3 лет назад

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

debian логотип

CVE-2020-36649

CVSS3: 3.5
debian
около 3 лет назад

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been ...

github логотип

GHSA-qvjc-g5vr-mfgr

CVSS3: 7.5
github
больше 5 лет назад

Regular Expression Denial of Service in papaparse

EPSS

Процентиль: 53%
0.00304
Низкий

7.5 High

CVSS3