Lucene search
K

7 matches found

OSV
OSV
added 2023/06/12 3:30 p.m.24 views

GHSA-QFH9-8P57-MJJJ git-url-parse crate vulnerable to Regular Expression Denial of Service

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...

7.5CVSS7.3AI score0.00758EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/06/12 3:30 p.m.26 views

git-url-parse crate vulnerable to Regular Expression Denial of Service

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...

7.5CVSS6.7AI score0.00758EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/06/12 1:15 p.m.20 views

Code injection

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...

5CVSS7.4AI score0.01033EPSS
Exploits1References2Affected Software1
Circl
Circl
added 2023/05/15 7:29 a.m.7 views

CVE-2023-32758

creationtimestamp| type| source ---|---|--- 2023-05-15 07:29:12+00:00| seen| https://t.me/cibsecurity/64078 2025-01-23 20:03:34+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2814...

7.5CVSS7.3AI score0.01033EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/05/15 6:30 a.m.3 views

agogosml-cli (=0.1.2), chip-wallet-dstack (>=1.3.0 <=1.5.0) +23 more potentially affected by CVE-2023-32758 via git-url-parse (>=1.0.2 <=1.2.2)

git-url-parse PYPI version =1.0.2, =1.3.0, =1.11.4, =0.3.1.1, =0.5.0, =0.0.4, =0.1.2, =0.1.0, =0.0.1, =0.25.0, =0.3.10, =0.6.8 and more Source cves: CVE-2023-32758 Source advisory: OSV:GHSA-4XQQ-73WG-5MJP...

7.5CVSS7.1AI score0.01033EPSS
Exploits0
OSV
OSV
added 2023/05/15 12:0 a.m.11 views

CVE-2023-32758

giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...

7.5CVSS7AI score0.01033EPSS
Exploits0References7
CVE
CVE
added 2023/05/15 12:0 a.m.64 views

CVE-2023-32758

The connected documents confirm CVE-2023-32758 affects git-url-parse (Python) up to 1.2.2, used by Semgrep versions 1.5.2–1.24.1. The issue is a Regular Expression Denial of Service (ReDoS) when parsing untrusted URLs, with potential impact if a package’s author embeds a crafted URL in a target p...

7.5CVSS7.3AI score0.01033EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder