Lucene search

[email protected]CVE-2023-33290

HistoryJun 12, 2023 - 1:15 p.m.

CVE-2023-33290

2023-06-1213:15:10

CWE-1333

[email protected]

web.nvd.nist.gov

git-url-parse

rust

redos

cve-2023-33290

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.2%

JSON

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).

Affected configurations

NVD

Node

git-url-parse_projectgit-url-parseRange≤0.4.4rust

CPENameOperatorVersion
git-url-parse_project:git-url-parsegit-url-parse project git-url-parsele0.4.4

CPE	Name	Operator	Version
git-url-parse_project:git-url-parse	git-url-parse project git-url-parse	le	0.4.4

References

github.com/tjtelan/git-url-parse-rs/issues/51

lib.rs/crates/git-url-parse

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.2%

JSON

Related for CVE-2023-33290

prion2 github2 nvd2 osv3 cvelist2 veracode1 cve1