path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
History
Mon, 09 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Pillarjs, Pillarjs path-to-regexp | |
CPEs | cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:* | |
Vendors & Products | Pillarjs, Pillarjs path-to-regexp | |
Metrics | ssvc | |
Sat, 07 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | cvssV3_1 |
Thu, 05 Dec 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296. | |
Title | path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x | |
Weaknesses | CWE-1333 | |
References | | |
Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-05T22:45:42.774Z
Updated: 2024-12-09T14:54:43.939Z
Reserved: 2024-11-15T17:11:13.440Z
Link: CVE-2024-52798
Vulnrichment
Updated: 2024-12-09T14:54:37.333Z
NVD
Status: Received
Published: 2024-12-05T23:15:06.310
Modified: 2024-12-05T23:15:06.310
Link: CVE-2024-52798
Redhat