CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (Percentile: 39.7%)

Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.
CPE | Name | Operator | Version |
---|---|---|---|
octobox_project:octobox | octobox project octobox | lt | 2021-11-02 |
[
  {
    "vendor": "octobox",
    "product": "octobox",
    "versions": [
      {
        "version": "2807",
        "status": "affected",
        "lessThan": "2807",
        "versionType": "custom"
      }
    ]
  }
]