find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs |
Thu, 19 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.11::el9 cpe:/a:redhat:multicluster_engine:2.6::el8 cpe:/a:redhat:multicluster_engine:2.6::el9 |
Sat, 07 Dec 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat acm
Redhat multicluster Engine |
|
CPEs | cpe:/a:redhat:acm:2.12::el9 cpe:/a:redhat:multicluster_engine:2.7::el8 cpe:/a:redhat:multicluster_engine:2.7::el9 |
|
Vendors & Products |
Redhat acm
Redhat multicluster Engine |
Wed, 27 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat openshift Devspaces |
|
CPEs | cpe:/a:redhat:openshift_devspaces:3::el8 | |
Vendors & Products |
Redhat
Redhat openshift Devspaces |
Wed, 18 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Wed, 18 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Sep 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue. | |
Title | ReDoS vulnerability in multiparametric routes in find-my-way | |
Weaknesses | CWE-1333 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-18T16:47:57.138Z
Updated: 2024-09-18T18:07:10.935Z
Reserved: 2024-09-09T14:23:07.505Z
Link: CVE-2024-45813
Vulnrichment
Updated: 2024-09-18T18:07:07.246Z
NVD
Status : Awaiting Analysis
Published: 2024-09-18T17:15:19.163
Modified: 2024-09-20T12:30:17.483
Link: CVE-2024-45813
Redhat