Lucene search
MitreCVELIST:CVE-2023-32758HistoryMay 15, 2023 - 12:00 a.m.
CVE-2023-32758
2023-05-1500:00:00
mitre
www.cve.org
4
giturlparse
semgrep
redos
regular expression denial of service
url
package analysis
EPSS
0.001
Percentile
43.7%
giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package’s author placed a ReDoS attack payload in a URL used by the package.
Related
osv
osv
git-url-parse Regular Expression Denial of Service
2023-05-15 06:30:19
CVE-2023-32758
2023-05-15 04:15:10
git-url-parse crate vulnerable to Regular Expression Denial of Service
2023-06-12 15:30:28
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-05-17 08:56:20
prion
prion
Design/Logic Flaw
2023-05-15 04:15:00
Code injection
2023-06-12 13:15:00
cve
cve
CVE-2023-32758
2023-05-15 04:15:10
CVE-2023-33290
2023-06-12 13:15:10
nvd
nvd
CVE-2023-32758
2023-05-15 04:15:10
CVE-2023-33290
2023-06-12 13:15:10
github
github
git-url-parse Regular Expression Denial of Service
2023-05-15 06:30:19
git-url-parse crate vulnerable to Regular Expression Denial of Service
2023-06-12 15:30:28
cvelist
cvelist
CVE-2023-33290
2023-06-12 00:00:00