Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-25288

Опубликовано: 14 фев. 2025
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator(), a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Version 11.4.1 contains a fix for the issue.

A flaw was found in the plugin-paginate-rest Octokit plugin. When calling octokit.paginate.iterator(), a specially crafted octokit instance with a malicious link parameter in the headers section of the request can trigger a regular expression denial-of-service (ReDoS) attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Multicluster Engine for Kubernetesmulticluster-engine/console-mce-rhel8Will not fix
OpenShift Serverlessopenshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8Affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-rhel8Will not fix
Red Hat Developer Hubrhdh/rhdh-hub-rhel9Fix deferred
Red Hat Integration Camel K 1io.apicurio-apicurio-registryWill not fix
Red Hat JBoss Enterprise Application Platform 8org.keycloak-keycloak-parentNot affected
Red Hat JBoss Enterprise Application Platform Expansion Packorg.keycloak-keycloak-parentNot affected
Red Hat OpenShift Dev Spacesdevspaces/code-rhel8Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1333
https://bugzilla.redhat.com/show_bug.cgi?id=2345822octokit/plugin-paginate-rest: @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

EPSS

Процентиль: 31%
0.00118
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-25288

CVSS3: 5.3
nvd
7 месяцев назад

@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package `@octokit/plugin-paginate-rest`, when calling `octokit.paginate.iterator()`, a specially crafted `octokit` instance—particularly with a malicious `link` parameter in the `headers` section of the `request`—can trigger a ReDoS attack. Version 11.4.1 contains a fix for the issue.

github логотип

GHSA-h5c3-5r3r-rr8q

CVSS3: 5.3
github
7 месяцев назад

@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

EPSS

Процентиль: 31%
0.00118
Низкий

5.3 Medium

CVSS3