Lucene search

K

Veracode Vulnerability DatabaseVERACODE:29806

HistoryMar 24, 2021 - 4:03 a.m.

Regular Expression Denial Of Service (ReDoS)

2021-03-2404:03:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

21

hosted-git-info

redos

vulnerability

fromurl

software

application crash

EPSS

0.003

Percentile

70.8%

hosted-git-info is vulnerable to regular expression denial of service (ReDoS). An attacker can provide a malicious string via shortcutMatch in the function fromUrl() in index.js to crash the application.

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7

github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01

github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3

github.com/npm/hosted-git-info/commits/v2

github.com/npm/hosted-git-info/pull/76

EPSS

0.003

Percentile

70.8%

Related for VERACODE:29806

redhatcve1 ubuntucve1 github1 cve1 ibm18 nessus32 osv7 ubuntu1 nodejs1 debiancve1 nvd1 cvelist1 prion1 openvas20 rocky2 oraclelinux2 redhat8 archlinux3 almalinux2 suse8 mageia1 nodejsblog1 freebsd1 ics1