CVE-2023-25166

🗓️ 08 Feb 2023 20:25:15Reported by GitHub_MType

formula parser CVE-2023-25166, crafted strings lead to denial of servic

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 12
OSV	CVE-2023-25166	8 Feb 202320:15	–	osv
OSV	GHSA-C2JC-4FPR-4VHG @sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability	8 Feb 202322:38	–	osv
Vulnrichment	CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability	8 Feb 202319:28	–	vulnrichment
Prion	Design/Logic Flaw	8 Feb 202320:15	–	prion
Cvelist	CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability	8 Feb 202319:28	–	cvelist
RedhatCVE	CVE-2023-25166	9 Feb 202304:58	–	redhatcve
Github Security Blog	@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability	8 Feb 202322:38	–	github
Hacker One	Mozilla: Missing Function Level Access Control in Mozilla formula containsRegular Expression Denial of Service (CVE-2023-25166)	20 Feb 202311:44	–	hackerone
NVD	CVE-2023-25166	8 Feb 202320:15	–	nvd
Veracode	Regular Expression Denial Of Service (ReDoS)	14 Feb 202307:21	–	veracode

Nvd

Vulners

Node

hapi formulaRange<3.0.1node.js

[
  {
    "vendor": "hapijs",
    "product": "formula",
    "versions": [
      {
        "version": "< 3.0.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/hapijs/formula/security/advisories/GHSA-c2jc-4fpr-4vhg
github	www.github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3fe

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Feb 2023 20:15Current

5.8Medium risk

Vulners AI Score5.8

CVSS35.5 - 6.5

EPSS0.00761

SSVC

CWE-1333