Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-24807

Опубликовано: 16 фев. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set() and Headers.append() methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize() utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat 3scale API Management Platform 23scale-amp-system-containerFix deferred
Red Hat Enterprise Linux 8nodejsNot affected
Red Hat Enterprise Linux 8nodejsFixedRHSA-2023:158204.04.2023
Red Hat Enterprise Linux 8nodejsFixedRHSA-2023:158304.04.2023
Red Hat Enterprise Linux 9nodejsFixedRHSA-2023:265409.05.2023
Red Hat Enterprise Linux 9nodejsFixedRHSA-2023:265509.05.2023
Red Hat Enterprise Linux 9.0 Extended Update SupportnodejsFixedRHSA-2023:553309.10.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-1333
https://bugzilla.redhat.com/show_bug.cgi?id=2172204Node.js: Regular Expression Denial of Service in Headers fetch API

EPSS

Процентиль: 46%
0.00234
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-24807

CVSS3: 7.5
ubuntu
почти 3 года назад

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

nvd логотип

CVE-2023-24807

CVSS3: 7.5
nvd
почти 3 года назад

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

msrc логотип

CVE-2023-24807

CVSS3: 7.5
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2023-24807

CVSS3: 7.5
debian
почти 3 года назад

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the ...

github логотип

GHSA-r6ch-mqf9-qc9w

CVSS3: 7.5
github
почти 3 года назад

Regular Expression Denial of Service in Headers

EPSS

Процентиль: 46%
0.00234
Низкий

7.5 High

CVSS3