CVE-2024-52798

Опубликовано: 05 дек. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

Описание

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/noble	not-affected	code not present
esm-apps/xenial	not-affected	code not present
focal	not-affected	code not present
jammy	not-affected	code not present
noble	not-affected	code not present
oracular	not-affected	code not present

Показывать по

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
noble	needs-triage
oracular	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%

0.00086

Низкий

Связанные уязвимости

CVE-2024-52798

CVSS3: 5.3

redhat

около 1 года назад

CVE-2024-52798

nvd

около 1 года назад

CVE-2024-52798

msrc

11 месяцев назад

Описание отсутствует

CVE-2024-52798

debian

около 1 года назад

path-to-regexp turns path strings into a regular expressions. In certa ...

GHSA-rhx6-c78j-4q9w

CVSS3: 7.5

github

около 1 года назад

path-to-regexp contains a ReDoS

EPSS

Процентиль: 25%

0.00086

Низкий

CVE-2024-52798

Описание

Пакет node-express

Пакет node-path-to-regexp

Ссылки на источники

Связанные уязвимости