PT-2022-23131 · Unknown · Nitrado.Js
Published
2022-08-29
·
Updated
2023-07-21
·
CVE-2022-36034
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
nitrado.js versions prior to 0.2.5
Description
The issue is related to a possible ReDoS (Regular expression Denial of Service) with lib input of
{{ and with many repetitions of {{|. This can cause a denial of service. There are currently no known workarounds.Recommendations
For versions prior to 0.2.5, update to a version above 0.2.5 to resolve the issue. As a temporary workaround, consider restricting the input to prevent repetitions of
{{| until a patch is applied. Avoid using the lib input of {{ and {{| in the affected API endpoint until the issue is resolved.Exploit
Fix
Resource Exhaustion
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nitrado.Js