Lucene search

Veracode Vulnerability DatabaseVERACODE:30741

HistoryMay 29, 2021 - 3:41 p.m.

Regular Expression Denial Of Service (ReDoS)

2021-05-2915:41:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

regular expression denial of service

vulnerability

ws software

application crash

excessive cpu consumption

sec-websocket-protocol

EPSS

0.002

Percentile

60.7%

JSON

ws is vulnerable to regular expression denial of service. An attacker is able to cause excessive CPU consumption that can lead to an application crash by submitting a malicious value of Sec-Websocket-Protocol.

References

github.com/advisories/GHSA-6fc8-4gx4-v693

github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff

github.com/websockets/ws/issues/1895

github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693

lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30@%3Ccommits.tinkerpop.apache.org%3E

security-tracker.debian.org/tracker/CVE-2021-32640

security.netapp.com/advisory/ntap-20210706-0005/

www.linkedin.com/in/robmcl4

EPSS

0.002

Percentile

60.7%

JSON

Related for VERACODE:30741