70 matches found
CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...
CVE-2025-25290
CVE-2025-25290 affects Octokit’s request.js: the code path that parses HTTP Link headers uses an unbounded RegExp (/]+)>; rel="deprecation"/) to match deprecation links. This enables a ReDoS (Regular Expression Denial of Service) by crafted link headers, causing high CPU use and potential serv...
CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...
CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...
CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...
CVE-2025-25289
CVE-2025-25289 describes a ReDoS vulnerability in the octokit request-error handling. Prior to v6.1.7, an authorization header containing a long sequence of spaces followed by a newline and “@” could cause exponential regular-expression processing, leading to high resource consumption and potenti...
CVE-2025-25288 @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...
CVE-2025-25288 @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...
CVE-2025-25288 @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...
CVE-2025-25288
CVE-2025-25288 affects the npm package @octokit/plugin-paginate-rest (Octokit pagination plugin). For versions 1.0.0 up to but not including 11.4.1, calling octokit.paginate.iterator() can be triggered by a specially crafted octokit instance with a malicious link in the headers of the request, le...
CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...
CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...
CVE-2025-25285
CVE-2025-25285 affects the npm package @octokit/endpoint. The vulnerability arises in endpoint.parse(options) via crafted options in versions 4.1.0 through before 10.1.3, causing a ReDoS that can hang the program and raise CPU usage. A fix is available in version 10.1.3 (patch applied) and later....
@zendeskgarden/scripts (>=2.1.0 <=2.4.3) potentially affected by CVE-2025-25289 via @octokit/request-error (>=6.1.1 <=6.1.4)
@octokit/request-error NPM version =6.1.1, =2.1.0, =2.4.3 Source cves: CVE-2025-25289 Source advisory: OSV:GHSA-XX4V-PRFH-6CGC...
-temp-electron-manager-somiibo (=0.0.200), 0z_export (>=1.0.0 <=1.0.102) +10004 more potentially affected by CVE-2025-25289 via @octokit/request-error (>=1.2.1 <=5.1.0)
@octokit/request-error NPM version =1.2.1, =1.0.0, =1.0.0, =0.0.1, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =4.2.1, =4.4.0 and more Source cves: CVE-2025-25289 Source advisory: OSV:GHSA-XX4V-PRFH-6CGC...
GHSA-H5C3-5R3R-RR8Q @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details The issue occurs at line 39 of iterator.ts...
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details The issue occurs at line 39 of iterator.ts...
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...
Octokit 安全漏洞
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 11.4.1, which stems from a specially crafted instance of octokit that may trigger a Regular Expression Denial of Service ReDoS attack...
Octokit 安全漏洞
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 9.2.1, which stems from the unrestricted nature of the regular expression matching behavior, and could lead to catastrophic backtracking when processing ad-hoc input,...