Lucene search
+L

5 matches found

OSV
OSV
added 2026/06/04 5:30 p.m.7 views

ROOT-APP-NPM-CVE-2025-25290 CVE-2025-25290 in @rootio/octokit__request - Patched by Root

Root has patched CVE-2025-25290 in the @rootio/octokitrequest package for Root:npm. Multiple fixed versions available...

5.3CVSS6.5AI score0.00754EPSS
Exploits0
Cvelist
Cvelist
added 2025/02/14 7:37 p.m.24 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

5.3CVSS0.00754EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/02/14 7:37 p.m.12 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

5.3CVSS6.3AI score0.00754EPSS
Exploits0References6
CVE
CVE
added 2025/02/14 7:37 p.m.314 views

CVE-2025-25290

CVE-2025-25290 affects Octokit’s request.js: the code path that parses HTTP Link headers uses an unbounded RegExp (/]+)>; rel="deprecation"/) to match deprecation links. This enables a ReDoS (Regular Expression Denial of Service) by crafted link headers, causing high CPU use and potential serv...

5.3CVSS6.3AI score0.00754EPSS
Exploits0References6
OSV
OSV
added 2025/02/14 7:37 p.m.13 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

5.3CVSS6.4AI score0.00754EPSS
Exploits0References8
Rows per page
Query Builder