Количество 2
Количество 2
CVE-2023-23925
Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations.
GHSA-wqxw-8h5g-hq56
Switcher Client contains Regular Expression Denial of Service (ReDoS)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-23925 Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations. | CVSS3: 8.6 | 0% Низкий | около 3 лет назад |
| GHSA-wqxw-8h5g-hq56 Switcher Client contains Regular Expression Denial of Service (ReDoS) | CVSS3: 7.5 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу