CVE-2023-23925

🗓️ 03 Feb 2023 20:10:15Reported by GitHub_MType

Switcher Client SDK vulnerability in Strategy match operation may lead to reDOS attack. Patched in v3.1.4. Avoid REGEX with EXIST and NOT_EXIST settings

Reporter	Title	Published	Views	Family All 8
Prion	Design/Logic Flaw	3 Feb 202320:15	–	prion
NVD	CVE-2023-23925	3 Feb 202320:15	–	nvd
OSV	CVE-2023-23925	3 Feb 202320:15	–	osv
OSV	Switcher Client contains Regular Expression Denial of Service (ReDoS)	2 Feb 202301:33	–	osv
Vulnrichment	CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)	3 Feb 202319:05	–	vulnrichment
Cvelist	CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)	3 Feb 202319:05	–	cvelist
Veracode	Regular Expression Denial Of Service (ReDoS)	9 Feb 202301:55	–	veracode
Github Security Blog	Switcher Client contains Regular Expression Denial of Service (ReDoS)	2 Feb 202301:33	–	github

Nvd

Vulners

Node

switcherapi switcher_clientRange<3.1.4node.js

[
  {
    "vendor": "switcherapi",
    "product": "switcher-client-master",
    "versions": [
      {
        "version": "< 3.1.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/switcherapi/switcher-client-master/security/advisories/GHSA-wqxw-8h5g-hq56
github	www.github.com/switcherapi/switcher-client-master/releases/tag/v3.1.4

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Feb 2023 20:15Current

7.7High risk

Vulners AI Score7.7

CVSS37.5 - 8.6

EPSS0.00101

SSVC