GitHub Advisory Database: GHSA-CQFH-C4C5-C2HG
History: Mar 28, 2024 - 12:31 a.m.

domain-suffix RegEx Denial of Service

2024-03-28 00:31:40
CWE-1333
GitHub Advisory Database
github.com
regex dos
domain-suffix
parse function
software

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.8
Confidence: High

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function.

Affected configurations

Vulners
Node: domain-suffix
Range: 1.0.8

Vendor: *
Product: domain-suffix
Version: *
CPE: cpe:2.3:a:*:domain-suffix:*:*:*:*:*:*:*:*
