Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yNHE5LXh4NWctajI0cM4AA7es
s3-url-parser vulnerable to Denial of Service via regexes component
s3-url-parser 1.0.3 is vulnerable to denial of service via the regexes component.
Permalink: https://github.com/advisories/GHSA-r4q9-xx5g-j24pJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNHE5LXh4NWctajI0cM4AA7es
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 16 days ago
Updated: 15 days ago
Identifiers: GHSA-r4q9-xx5g-j24p, CVE-2024-25355
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-25355
- https://gist.github.com/6en6ar/a4977866c59cbcfc716f0f2717b812bf
- https://github.com/AntonioRecaldeRusso/s3-url-parser/blob/master/index.js
- https://github.com/advisories/GHSA-r4q9-xx5g-j24p
Blast Radius: 0.0
Affected Packages
npm:s3-url-parser
Dependent packages: 3Dependent repositories: 4
Downloads: 13,490 last month
Affected Version Ranges: = 1.0.3
No known fixed version
All affected versions: 1.0.3