Lucene search

GoogleOSV:GHSA-QJM7-55VV-3C5F

HistoryJan 18, 2023 - 3:31 a.m.

mel-spintax has Inefficient Regular Expression Complexity

2023-01-1803:31:17

Google

osv.dev

vulnerability

melnaron mel-spintax

inefficient regular expression complexity

file lib/spintax.js

patch 37767617846e27b87b63004e30216e8f919637d3

vdb-218456

software

CVSS2

2.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:S/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.2%

JSON

A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.

References

github.com/melnaron/mel-spintax

github.com/melnaron/mel-spintax/commit/37767617846e27b87b63004e30216e8f919637d3

nvd.nist.gov/vuln/detail/CVE-2018-25077

vuldb.com/?id.218456

CVSS2

2.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:S/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.2%

JSON

Related for OSV:GHSA-QJM7-55VV-3C5F