Lucene search
K

70 matches found

OSV
OSV
added 2025/02/14 7:37 p.m.13 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

5.3CVSS6.4AI score0.00729EPSS
Exploits0References8
CVE
CVE
added 2025/02/14 7:37 p.m.312 views

CVE-2025-25290

CVE-2025-25290 affects Octokit’s request.js: the code path that parses HTTP Link headers uses an unbounded RegExp (/]+)>; rel="deprecation"/) to match deprecation links. This enables a ReDoS (Regular Expression Denial of Service) by crafted link headers, causing high CPU use and potential serv...

5.3CVSS6.3AI score0.00729EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/02/14 7:35 p.m.9 views

CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

5.3CVSS6.9AI score0.0058EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/14 7:35 p.m.15 views

CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

5.3CVSS0.0058EPSS
Exploits0References3
OSV
OSV
added 2025/02/14 7:35 p.m.6 views

CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

5.3CVSS6.5AI score0.0058EPSS
Exploits0References5
CVE
CVE
added 2025/02/14 7:35 p.m.276 views

CVE-2025-25289

CVE-2025-25289 describes a ReDoS vulnerability in the octokit request-error handling. Prior to v6.1.7, an authorization header containing a long sequence of spaces followed by a newline and “@” could cause exponential regular-expression processing, leading to high resource consumption and potenti...

5.3CVSS6.9AI score0.0058EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/14 7:33 p.m.11 views

CVE-2025-25288 @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...

5.3CVSS6.8AI score0.0058EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/14 7:33 p.m.18 views

CVE-2025-25288 @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...

5.3CVSS0.0058EPSS
Exploits0References3
OSV
OSV
added 2025/02/14 7:33 p.m.10 views

CVE-2025-25288 @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...

5.3CVSS6.4AI score0.0058EPSS
Exploits0References5
CVE
CVE
added 2025/02/14 7:33 p.m.321 views

CVE-2025-25288

CVE-2025-25288 affects the npm package @octokit/plugin-paginate-rest (Octokit pagination plugin). For versions 1.0.0 up to but not including 11.4.1, calling octokit.paginate.iterator() can be triggered by a specially crafted octokit instance with a malicious link in the headers of the request, le...

5.3CVSS6.9AI score0.0058EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/14 7:31 p.m.20 views

CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...

5.3CVSS6.8AI score0.0058EPSS
Exploits0References3
OSV
OSV
added 2025/02/14 7:31 p.m.10 views

CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...

5.3CVSS5.9AI score0.0058EPSS
Exploits0References5
CVE
CVE
added 2025/02/14 7:31 p.m.319 views

CVE-2025-25285

CVE-2025-25285 affects the npm package @octokit/endpoint. The vulnerability arises in endpoint.parse(options) via crafted options in versions 4.1.0 through before 10.1.3, causing a ReDoS that can hang the program and raise CPU usage. A fix is available in version 10.1.3 (patch applied) and later....

5.3CVSS6.8AI score0.0058EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/02/14 5:58 p.m.5 views

@zendeskgarden/scripts (>=2.1.0 <=2.4.3) potentially affected by CVE-2025-25289 via @octokit/request-error (>=6.1.1 <=6.1.4)

@octokit/request-error NPM version =6.1.1, =2.1.0, =2.4.3 Source cves: CVE-2025-25289 Source advisory: OSV:GHSA-XX4V-PRFH-6CGC...

5.3CVSS6.5AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/14 5:58 p.m.8 views

-temp-electron-manager-somiibo (=0.0.200), 0z_export (>=1.0.0 <=1.0.102) +10004 more potentially affected by CVE-2025-25289 via @octokit/request-error (>=1.2.1 <=5.1.0)

@octokit/request-error NPM version =1.2.1, =1.0.0, =1.0.0, =0.0.1, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =4.2.1, =4.4.0 and more Source cves: CVE-2025-25289 Source advisory: OSV:GHSA-XX4V-PRFH-6CGC...

5.3CVSS6.5AI score0.0058EPSS
Exploits0
OSV
OSV
added 2025/02/14 5:57 p.m.8 views

GHSA-H5C3-5R3R-RR8Q @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details The issue occurs at line 39 of iterator.ts...

5.3CVSS5.2AI score0.0058EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/02/14 5:57 p.m.17 views

@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details The issue occurs at line 39 of iterator.ts...

5.3CVSS6.8AI score0.0058EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/14 5:56 p.m.31 views

@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...

5.3CVSS6.3AI score0.0058EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.4 views

Octokit 安全漏洞

Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 11.4.1, which stems from a specially crafted instance of octokit that may trigger a Regular Expression Denial of Service ReDoS attack...

5.3CVSS6.4AI score0.0058EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.5 views

Octokit 安全漏洞

Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 9.2.1, which stems from the unrestricted nature of the regular expression matching behavior, and could lead to catastrophic backtracking when processing ad-hoc input,...

5.3CVSS6.5AI score0.00729EPSS
Exploits0References2
Rows per page
Query Builder