PT-2023-10820 · Segmentio · Is-Url

Josdejong

Publicado

2023-02-04

Atualizado

2024-05-17

CVE-2018-25079

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Segmentio is-url versions up to 1.2.2

Description A vulnerability was found in the file index.js, leading to inefficient regular expression complexity. The attack may be launched remotely.

Recommendations For versions up to 1.2.2, upgrade to version 1.2.3 to address this issue. As a temporary workaround, consider restricting the use of the affected component until a patch is applied.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1333

Identificadores relacionados

CVE-2018-25079

GHSA-P9W8-2MPQ-49H9

Produtos afetados

Is-Url

PT-2023-10820 · Segmentio · Is-Url

CVE-2018-25079

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10