Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcTctcmN4di00N3Zx
Incorrect Regular Expression in RestSharp
RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.
Permalink: https://github.com/advisories/GHSA-9pq7-rcxv-47vqJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcTctcmN4di00N3Zx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-9pq7-rcxv-47vq, CVE-2021-27293
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27293
- https://github.com/restsharp/RestSharp/issues/1556
- https://restsharp.dev/
- https://github.com/restsharp/RestSharp/commit/be39346784b68048b230790d15333574341143bc
- https://github.com/advisories/GHSA-9pq7-rcxv-47vq
Blast Radius: 11.8
Affected Packages
nuget:RestSharp
Dependent packages: 18Dependent repositories: 37
Downloads: 297,343,549 total
Affected Version Ranges: <= 106.11.7
Fixed in: 106.11.8-alpha.0.13
All affected versions: 1.0.0, 100.3.0, 101.0.0, 101.1.0, 101.2.0, 101.3.0, 102.0.0, 102.1.0, 102.2.0, 102.3.0, 102.4.0, 102.5.0, 102.6.0, 102.7.0, 103.0.0, 103.1.0, 103.2.0, 103.3.0, 103.4.0, 104.0.0, 104.1.0, 104.2.0, 104.3.3, 104.4.0, 104.5.0, 105.0.0, 105.0.1, 105.1.0, 105.2.0, 105.2.1, 105.2.2, 105.2.3, 106.0.0, 106.0.1, 106.1.0, 106.2.0, 106.2.1, 106.2.2, 106.3.0, 106.3.1, 106.4.0, 106.4.1, 106.4.2, 106.5.0, 106.5.1, 106.5.2, 106.5.3, 106.5.4, 106.6.0, 106.6.1, 106.6.2, 106.6.3, 106.6.4, 106.6.5, 106.6.6, 106.6.7, 106.6.8, 106.6.9, 106.6.10, 106.8.0, 106.9.0, 106.10.0, 106.10.1, 106.11.0, 106.11.1, 106.11.2, 106.11.3, 106.11.4, 106.11.5, 106.11.6, 106.11.7
All unaffected versions: 106.12.0, 106.13.0, 106.15.0, 107.0.0, 107.0.1, 107.0.2, 107.0.3, 107.1.0, 107.1.1, 107.1.2, 107.2.0, 107.2.1, 107.3.0, 108.0.0, 108.0.1, 108.0.2, 108.0.3, 108.0.4, 109.0.0, 109.0.1, 110.0.0, 110.1.0, 110.2.0