CVELIST:CVE-2022-26650
History: May 17, 2022 - 8:05 a.m.

CVE-2022-26650 Apache ShenYu (incubating) Regular expression denial of service

2022-05-17 08:05:10
CWE-1333
apache
www.cve.org
cve-2022-26650
apache shenyu
regular expression denial of service
fix
2.4.3

EPSS: 0.001

Percentile: 47.4%

In Apache ShenYu, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This allows an attacker to pass in malicious regular expressions and characters, causing resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.
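
One way to bound a match where both the pattern and the input come from the caller, as an added example (not ShenYu's code and not the change shipped in 2.4.3). The class and method names, the length limits and the time budget are assumptions chosen for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; not code from Apache ShenYu and not its 2.4.3 fix.
public class BoundedRegexMatch {
    /** CharSequence view that aborts matching once a deadline has passed. */
    static final class DeadlineCharSequence implements CharSequence {
        private final CharSequence inner;
        private final long deadlineNanos;
        DeadlineCharSequence(CharSequence inner, long deadlineNanos) { this.inner = inner; this.deadlineNanos = deadlineNanos; }
        @Override public char charAt(int index) {
            // The matcher reads input through charAt, so this check also runs while backtracking.
            if (System.nanoTime() - deadlineNanos > 0) {
                throw new IllegalStateException("regex evaluation exceeded time budget");
            }
            return inner.charAt(index);
        }
        @Override public int length() { return inner.length(); }
        @Override public CharSequence subSequence(int start, int end) {
            return new DeadlineCharSequence(inner.subSequence(start, end), deadlineNanos);
        }
        @Override public String toString() { return inner.toString(); }
    }

    // Call shape described in the advisory: unbounded evaluation of two caller-supplied strings.
    static boolean unboundedMatch(String paramValue, String realData) {
        return Pattern.matches(paramValue, realData);
    }

    // Hypothetical hardened variant: caps input sizes and wall-clock time, and fails closed.
    static boolean boundedMatch(String paramValue, String realData, long budgetMillis) {
        if (paramValue.length() > 256 || realData.length() > 4096) {
            return false; // limits are assumed values; tune per deployment
        }
        long deadline = System.nanoTime() + budgetMillis * 1_000_000L;
        try {
            Matcher m = Pattern.compile(paramValue).matcher(new DeadlineCharSequence(realData, deadline));
            return m.matches();
        } catch (RuntimeException e) { // time budget exceeded or PatternSyntaxException
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(boundedMatch("/api/v[0-9]+/.*", "/api/v2/orders", 50));
    }
}
```

The deadline wrapper limits the cost of a single evaluation; it does not replace upgrading to 2.4.3.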

CNA Affected

[
  {
    "product": "Apache ShenYu (incubating) ",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.4.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
