Description
git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.
A flaw was found in the git-urls package. This issue occurs when a long input is provided inside the directory path of the Git URL. This could lead to loading delays or a regular expression denial of service.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Affected | ||
| OpenShift Serverless | openshift-serverless-clients | Affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/argocd-rhel8 | Fix deferred | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/argo-rollouts-rhel8 | Fix deferred | ||
Additional information
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 7.5
nvd
about 2 years ago
git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.
CVSS3: 7.5
github
about 2 years ago
Inefficient Regular Expression Complexity in git-urls