Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ydzcyLXY2YzctaGY5cs4AA_O6
ReDoS in urlregex
A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.5.1 is able to address this issue. The identifier of the patch is e5a085afe6abfaea1d1a78f54c45af9ef43ca1f9. It is recommended to upgrade the affected component.
Permalink: https://github.com/advisories/GHSA-rw72-v6c7-hf9rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ydzcyLXY2YzctaGY5cs4AA_O6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-rw72-v6c7-hf9r, CVE-2020-36830
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-36830
- https://github.com/nescalante/urlregex/pull/8
- https://github.com/nescalante/urlregex/commit/e5a085afe6abfaea1d1a78f54c45af9ef43ca1f9
- https://github.com/nescalante/urlregex/releases/tag/v0.5.1
- https://vuldb.com/?ctiid.276269
- https://vuldb.com/?id.276269
- https://github.com/advisories/GHSA-rw72-v6c7-hf9r
Blast Radius: 0.0
Affected Packages
npm:urlregex
Dependent packages: 1Dependent repositories: 1
Downloads: 10,332 last month
Affected Version Ranges: < 0.5.1
Fixed in: 0.5.1
All affected versions: 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.5.0
All unaffected versions: 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.6.4, 0.6.7, 0.6.8, 1.0.0