CWE-1333
Inefficient Regular Expression Complexity
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
CVE-2024-4056 (GCVE-0-2024-4056)
Vulnerability from cvelistv5 – Published: 2024-04-26 06:02 – Updated: 2026-02-23 10:10
VLAI
Title
Denial of service condition in M-Files Server
Summary
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://product.m-files.com/security-advisories/c… | vendor-advisory |
| https://empower.m-files.com/security-advisories/C… | vendor-advisory |
| https://www.m-files.com/about/trust-center/securi… | x_transferred |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| M-Files Corporation | M-Files Server |
Affected:
23.11 , < 24.4.13592.4
(custom)
Unaffected: 24.2 LTS |
|
| m-files | m-files_server |
Affected:
*
cpe:2.3:a:m-files:m-files_server:-:*:*:*:*:*:*:* |
|
| m-files | m-files_server |
Affected:
-
cpe:2.3:a:m-files:m-files_server:-:*:*:*:*:*:*:* |
|
| m-files | m-files_server |
Unknown:
24.2 LTS
cpe:2.3:a:m-files:m-files_server:-:*:*:*:*:*:*:* |
Date Public
2024-04-29 11:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:m-files:m-files_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "m-files_server",
"vendor": "m-files",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:m-files:m-files_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "m-files_server",
"vendor": "m-files",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:m-files:m-files_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "m-files_server",
"vendor": "m-files",
"versions": [
{
"status": "unknown",
"version": "24.2 LTS"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-26T19:19:39.222407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:32.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-4056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "M-Files Server",
"vendor": "M-Files Corporation",
"versions": [
{
"lessThan": "24.4.13592.4",
"status": "affected",
"version": "23.11",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.2 LTS"
}
]
}
],
"datePublic": "2024-04-29T11:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eDenial of service condition in M-Files Server in versions before 24.4.13592.4\u0026nbsp;and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.\u003c/span\u003e"
}
],
"value": "Denial of service condition in M-Files Server in versions before 24.4.13592.4\u00a0and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources."
}
],
"impacts": [
{
"capecId": "CAPEC-492",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-492 Regular Expression Exponential Blowup"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:10:50.553Z",
"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"shortName": "M-Files Corporation"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://product.m-files.com/security-advisories/cve-2024-4056/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://empower.m-files.com/security-advisories/CVE-2024-4056"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Denial of service condition in M-Files Server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No workaround available on affected versions."
}
],
"value": "No workaround available on affected versions."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"assignerShortName": "M-Files Corporation",
"cveId": "CVE-2024-4056",
"datePublished": "2024-04-26T06:02:21.917Z",
"dateReserved": "2024-04-23T08:17:04.443Z",
"dateUpdated": "2026-02-23T10:10:50.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-4067 (GCVE-0-2024-4067)
Vulnerability from cvelistv5 – Published: 2024-05-13 10:04 – Updated: 2024-09-17 19:47
VLAI
Title
Regular Expression Denial of Service in micromatch
Summary
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| micromatch | micromatch |
Affected:
0 , < 4.0.8
(cpe)
Unaffected: 4.0.8 (cpe) |
|
| micromatch | micromatch |
Affected:
0 , < 4.0.8
(custom)
cpe:2.3:a:micromatch:micromatch:*:*:*:*:*:*:*:* |
Date Public
2024-05-13 12:44
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:micromatch:micromatch:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "micromatch",
"vendor": "micromatch",
"versions": [
{
"lessThan": "4.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4067",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T16:30:13.286431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:47:41.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micromatch/micromatch/issues/243"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micromatch/micromatch/pull/247"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.npmjs.com/package/micromatch",
"defaultStatus": "unaffected",
"packageName": "micromatch",
"product": "micromatch",
"programFiles": [
"index.js"
],
"programRoutines": [
{
"name": "micromatch.braces = (pattern, options) =\u003e"
}
],
"repo": "https://github.com/micromatch/micromatch",
"vendor": "micromatch",
"versions": [
{
"lessThan": "4.0.8",
"status": "affected",
"version": "0",
"versionType": "cpe"
},
{
"status": "unaffected",
"version": "4.0.8",
"versionType": "cpe"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "M\u00e1rio Teixeira, Checkmarx Research Group"
}
],
"datePublic": "2024-05-13T12:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T23:25:14.519Z",
"orgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
"shortName": "Checkmarx"
},
"references": [
{
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/"
},
{
"url": "https://github.com/micromatch/micromatch/pull/266"
},
{
"url": "https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade"
},
{
"url": "https://github.com/micromatch/micromatch/releases/tag/4.0.8"
},
{
"url": "https://advisory.checkmarx.net/advisory/CVE-2024-4067/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Regular Expression Denial of Service in micromatch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
"assignerShortName": "Checkmarx",
"cveId": "CVE-2024-4067",
"datePublished": "2024-05-13T10:04:42.886Z",
"dateReserved": "2024-04-23T13:31:13.656Z",
"dateUpdated": "2024-09-17T19:47:41.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4148 (GCVE-0-2024-4148)
Vulnerability from cvelistv5 – Published: 2024-06-01 15:54 – Updated: 2025-01-30 13:09
VLAI
Title
Redos (Regular Expression Denial of Service) in lunary-ai/lunary
Summary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| lunary-ai | lunary-ai/lunary |
Affected:
unspecified , < 1.3.4
(custom)
|
|
| lunary-ai | lunary |
Affected:
1.2.10
cpe:2.3:a:lunary-ai:lunary:1.2.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lunary-ai:lunary:1.2.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lunary",
"vendor": "lunary-ai",
"versions": [
{
"status": "affected",
"version": "1.2.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4148",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:56:16.236144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:23.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lunary-ai/lunary",
"vendor": "lunary-ai",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T13:09:21.705Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31"
},
{
"url": "https://github.com/lunary-ai/lunary/commit/1e8a3d941ba5cfef2c478dd5bac4e4a4b4d67830"
}
],
"source": {
"advisory": "eca4ad45-2a38-4f3c-9ec1-8205cd51be31",
"discovery": "EXTERNAL"
},
"title": "Redos (Regular Expression Denial of Service) in lunary-ai/lunary"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-4148",
"datePublished": "2024-06-01T15:54:36.486Z",
"dateReserved": "2024-04-24T21:01:47.587Z",
"dateUpdated": "2025-01-30T13:09:21.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41655 (GCVE-0-2024-41655)
Vulnerability from cvelistv5 – Published: 2024-07-23 14:49 – Updated: 2024-08-02 04:46
VLAI
Title
TF2 Item Format Regular Expression Denial of Service vulnerability
Summary
TF2 Item Format helps users format TF2 items to the community standards. Versions of `tf2-item-format` since at least `4.2.6` and prior to `5.9.14` are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses any `tf2-item-format` to parse user input. Version `5.9.14` contains a fix for the issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/danocmx/node-tf2-item-format/s… | x_refsource_CONFIRM |
| https://github.com/danocmx/node-tf2-item-format/c… | x_refsource_MISC |
| https://github.com/danocmx/node-tf2-item-format/r… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| danocmx | node-tf2-item-format |
Affected:
>= 4.2.6, < 5.9.14
|
|
| danocmx | node-tf2-item-format |
Affected:
4.2.6 , < 5.9.14
(custom)
cpe:2.3:a:danocmx:node-tf2-item-format:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:danocmx:node-tf2-item-format:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "node-tf2-item-format",
"vendor": "danocmx",
"versions": [
{
"lessThan": "5.9.14",
"status": "affected",
"version": "4.2.6",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41655",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T14:57:56.367784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T15:59:34.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/danocmx/node-tf2-item-format/security/advisories/GHSA-8h55-q5qq-p685",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/danocmx/node-tf2-item-format/security/advisories/GHSA-8h55-q5qq-p685"
},
{
"name": "https://github.com/danocmx/node-tf2-item-format/commit/5cffcc16a9261d6a937bda72bfe6830e02e31eec",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/danocmx/node-tf2-item-format/commit/5cffcc16a9261d6a937bda72bfe6830e02e31eec"
},
{
"name": "https://github.com/danocmx/node-tf2-item-format/releases/tag/v5.9.14",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/danocmx/node-tf2-item-format/releases/tag/v5.9.14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-tf2-item-format",
"vendor": "danocmx",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.6, \u003c 5.9.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TF2 Item Format helps users format TF2 items to the community standards. Versions of `tf2-item-format` since at least `4.2.6` and prior to `5.9.14` are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses any `tf2-item-format` to parse user input. Version `5.9.14` contains a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-624",
"description": "CWE-624: Executable Regular Expression Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T14:49:34.078Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danocmx/node-tf2-item-format/security/advisories/GHSA-8h55-q5qq-p685",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danocmx/node-tf2-item-format/security/advisories/GHSA-8h55-q5qq-p685"
},
{
"name": "https://github.com/danocmx/node-tf2-item-format/commit/5cffcc16a9261d6a937bda72bfe6830e02e31eec",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/danocmx/node-tf2-item-format/commit/5cffcc16a9261d6a937bda72bfe6830e02e31eec"
},
{
"name": "https://github.com/danocmx/node-tf2-item-format/releases/tag/v5.9.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/danocmx/node-tf2-item-format/releases/tag/v5.9.14"
}
],
"source": {
"advisory": "GHSA-8h55-q5qq-p685",
"discovery": "UNKNOWN"
},
"title": "TF2 Item Format Regular Expression Denial of Service vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41655",
"datePublished": "2024-07-23T14:49:34.078Z",
"dateReserved": "2024-07-18T15:21:47.481Z",
"dateUpdated": "2024-08-02T04:46:52.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41766 (GCVE-0-2024-41766)
Vulnerability from cvelistv5 – Published: 2025-01-04 14:37 – Updated: 2025-01-06 16:01
VLAI
Title
IBM Engineering Lifecycle Optimization - Publishing denial of service
Summary
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7180203 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
7.0.2, 7.0.3
cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:01:12.372902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T16:01:20.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression."
}
],
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-04T14:37:08.203Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7180203"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Lifecycle Optimization - Publishing denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41766",
"datePublished": "2025-01-04T14:37:08.203Z",
"dateReserved": "2024-07-22T12:02:49.316Z",
"dateUpdated": "2025-01-06T16:01:20.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45296 (GCVE-0-2024-45296)
Vulnerability from cvelistv5 – Published: 2024-09-09 19:07 – Updated: 2025-01-24 20:03
VLAI
Title
path-to-regexp outputs backtracking regular expressions
Summary
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pillarjs/path-to-regexp/securi… | x_refsource_CONFIRM |
| https://github.com/pillarjs/path-to-regexp/commit… | x_refsource_MISC |
| https://github.com/pillarjs/path-to-regexp/commit… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025012… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| pillarjs | path-to-regexp |
Affected:
< 0.1.10
Affected: >= 0.2.0, < 8.0.0 |
|
| pillarjs | path-to-regexp |
Affected:
0 , < 0.1.0
(custom)
Affected: 0.2.0 , < 8.0.0 (custom) cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "path-to-regexp",
"vendor": "pillarjs",
"versions": [
{
"lessThan": "0.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.0.0",
"status": "affected",
"version": "0.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T19:32:57.513942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T19:38:12.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-24T20:03:07.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "path-to-regexp",
"vendor": "pillarjs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.10"
},
{
"status": "affected",
"version": "\u003e= 0.2.0, \u003c 8.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T19:07:40.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
},
{
"name": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"name": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
}
],
"source": {
"advisory": "GHSA-9wv6-86v2-598j",
"discovery": "UNKNOWN"
},
"title": "path-to-regexp outputs backtracking regular expressions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45296",
"datePublished": "2024-09-09T19:07:40.313Z",
"dateReserved": "2024-08-26T18:25:35.442Z",
"dateUpdated": "2025-01-24T20:03:07.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45801 (GCVE-0-2024-45801)
Vulnerability from cvelistv5 – Published: 2024-09-16 18:25 – Updated: 2024-09-16 20:04
VLAI
Title
Tampering by prototype polution in DOMPurify
Summary
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/cure53/DOMPurify/security/advi… | x_refsource_CONFIRM |
| https://github.com/cure53/DOMPurify/commit/1e5202… | x_refsource_MISC |
| https://github.com/cure53/DOMPurify/commit/26e1d6… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T20:04:30.471934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T20:04:47.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DOMPurify",
"vendor": "cure53",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.4"
},
{
"status": "affected",
"version": "\u003e=3.0.0, \u003c 3.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:25:28.065Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"
},
{
"name": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21"
},
{
"name": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc"
}
],
"source": {
"advisory": "GHSA-mmhx-hmjr-r674",
"discovery": "UNKNOWN"
},
"title": "Tampering by prototype polution in DOMPurify"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45801",
"datePublished": "2024-09-16T18:25:28.065Z",
"dateReserved": "2024-09-09T14:23:07.503Z",
"dateUpdated": "2024-09-16T20:04:47.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45813 (GCVE-0-2024-45813)
Vulnerability from cvelistv5 – Published: 2024-09-18 16:47 – Updated: 2024-09-18 18:07
VLAI
Title
ReDoS vulnerability in multiparametric routes in find-my-way
Summary
find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/delvedor/find-my-way/security/… | x_refsource_CONFIRM |
| https://github.com/delvedor/find-my-way/commit/5e… | x_refsource_MISC |
| https://blakeembrey.com/posts/2024-09-web-redos | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| delvedor | find-my-way |
Affected:
< 8.2.2
Affected: = 9.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:07:01.965848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:07:10.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "find-my-way",
"vendor": "delvedor",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2.2"
},
{
"status": "affected",
"version": "= 9.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it\u0027s framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:47:57.138Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6"
},
{
"name": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440"
},
{
"name": "https://blakeembrey.com/posts/2024-09-web-redos",
"tags": [
"x_refsource_MISC"
],
"url": "https://blakeembrey.com/posts/2024-09-web-redos"
}
],
"source": {
"advisory": "GHSA-rrr8-f88r-h8q6",
"discovery": "UNKNOWN"
},
"title": "ReDoS vulnerability in multiparametric routes in find-my-way"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45813",
"datePublished": "2024-09-18T16:47:57.138Z",
"dateReserved": "2024-09-09T14:23:07.505Z",
"dateUpdated": "2024-09-18T18:07:10.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47887 (GCVE-0-2024-47887)
Vulnerability from cvelistv5 – Published: 2024-10-16 20:02 – Updated: 2024-10-17 16:36
VLAI
Title
Action Controller has possible ReDoS vulnerability in HTTP Token authentication
Summary
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may choose to use Ruby 3.2 as a workaround.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/rails/rails/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/rails/rails/commit/56b2fc33028… | x_refsource_MISC |
| https://github.com/rails/rails/commit/7c1398854d5… | x_refsource_MISC |
| https://github.com/rails/rails/commit/8e057db25bf… | x_refsource_MISC |
| https://github.com/rails/rails/commit/f4dc83d8926… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| rails | rails |
Affected:
>= 4.0.0, < 6.1.7.9
Affected: >= 7.0.0, < 7.0.8.5 Affected: >= 7.1.0, < 7.1.4.1 Affected: >= 7.2.0, < 7.2.1.1 |
|
| rubyonrails | rails |
Affected:
4.0.0 , < 6.1.7.9
(custom)
Affected: 7.0.0 , < 7.0.8.5 (custom) Affected: 7.1.0 , < 7.1.4.1 (custom) Affected: 7.2.0 , < 7.2.1.1 (custom) cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rails",
"vendor": "rubyonrails",
"versions": [
{
"lessThan": "6.1.7.9",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "7.0.8.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "7.1.4.1",
"status": "affected",
"version": "7.1.0",
"versionType": "custom"
},
{
"lessThan": "7.2.1.1",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T16:34:50.411686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T16:36:00.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rails",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 6.1.7.9"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.8.5"
},
{
"status": "affected",
"version": "\u003e= 7.1.0, \u003c 7.1.4.1"
},
{
"status": "affected",
"version": "\u003e= 7.2.0, \u003c 7.2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller\u0027s HTTP Token authentication. For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may choose to use Ruby 3.2 as a workaround.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T20:52:35.223Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4"
},
{
"name": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049"
},
{
"name": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a"
},
{
"name": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545"
},
{
"name": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2"
}
],
"source": {
"advisory": "GHSA-vfg9-r3fq-jvx4",
"discovery": "UNKNOWN"
},
"title": "Action Controller has possible ReDoS vulnerability in HTTP Token authentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47887",
"datePublished": "2024-10-16T20:02:34.722Z",
"dateReserved": "2024-10-04T16:00:09.631Z",
"dateUpdated": "2024-10-17T16:36:00.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47888 (GCVE-0-2024-47888)
Vulnerability from cvelistv5 – Published: 2024-10-16 20:31 – Updated: 2024-10-16 20:52
VLAI
Title
Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node
Summary
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/rails/rails/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/rails/rails/commit/4f4312b21a6… | x_refsource_MISC |
| https://github.com/rails/rails/commit/727b0946c3c… | x_refsource_MISC |
| https://github.com/rails/rails/commit/ba286c0a310… | x_refsource_MISC |
| https://github.com/rails/rails/commit/de0df7caebd… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| rails | rails |
Affected:
>= 6.0.0, < 6.1.7.9
Affected: >= 7.0.0, < 7.0.8.5 Affected: >= 7.1.0, < 7.1.4.1 Affected: >= 7.2.0, < 7.2.1.1 |
|
| rails | rails |
Affected:
6.0.0 , < 6.1.7.9
(custom)
Affected: 7.0.0 , < 7.0.8.5 (custom) Affected: 7.1.0 , < 7.1.4.1 (custom) Affected: 7.2.0 , < 7.2.1.1 (custom) cpe:2.3:a:rails:rails:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rails:rails:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rails",
"vendor": "rails",
"versions": [
{
"lessThan": "6.1.7.9",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "7.0.8.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "7.1.4.1",
"status": "affected",
"version": "7.1.0",
"versionType": "custom"
},
{
"lessThan": "7.2.1.1",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T20:45:54.538011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T20:48:07.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rails",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.1.7.9"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.8.5"
},
{
"status": "affected",
"version": "\u003e= 7.1.0, \u003c 7.1.4.1"
},
{
"status": "affected",
"version": "\u003e= 7.2.0, \u003c 7.2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T20:52:22.728Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw"
},
{
"name": "https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468"
},
{
"name": "https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822"
},
{
"name": "https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e"
},
{
"name": "https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5"
}
],
"source": {
"advisory": "GHSA-wwhv-wxv9-rpgw",
"discovery": "UNKNOWN"
},
"title": "Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47888",
"datePublished": "2024-10-16T20:31:06.037Z",
"dateReserved": "2024-10-04T16:00:09.632Z",
"dateUpdated": "2024-10-16T20:52:22.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.
Mitigation
Phase: System Configuration
Description:
- Set backtracking limits in the configuration of the regular expression implementation, such as PHP's pcre.backtrack_limit. Also consider limits on execution time for the process.
Mitigation
Phase: Implementation
Description:
- Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.
Mitigation
Phase: Implementation
Description:
- Limit the length of the input that the regular expression will process.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.