21 matches found
EUVD-2020-1460
Malware in sbrugna...
The vulnerability of the HTTP router Find my Way, related to the use of a regular expression c with inefficient computational complexity, allows a hacker to trigger a Denial-of-Service attack (ReDos).
The vulnerability of the HTTP router Find my Way is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability can allow a remote attacker to trigger a denial-of-service attack ReDos...
CVE-2024-45813
A regular expression denial of service ReDoS flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, such as /:a-:b-. This issue may cause a denial of service in some instances. Mitigation Mitigation...
CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
CVE-2024-45813
CVE-2024-45813 affects the find-my-way HTTP router. A bad regular expression is generated when two parameters exist within a single segment, notably with a trailing dash (e.g., ":/a-:b-"). This can lead to a Denial of Service in some cases. Affected versions require upgrade to find-my-way v8.2.2 ...
find-my-way has a ReDoS vulnerability in multiparametric routes
Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...
@667/restify (=9.0.0-1), @aeppic/install-build-server (>=2.0.0 <=2.44.0) +938 more potentially affected by CVE-2024-45813 via find-my-way (>=5.6.0 <=8.2.0)
find-my-way NPM version =5.6.0, =2.0.0, =3.0.0, =1.0.1, =1.0.0, =2.0.0, =0.0.0-dev.1739244769735, =0.0.0-dev.1739244769735, =2.0.0, =0.0.0-dev.1757040677030, =0.0.0-dev.1739244769735, =0.0.1, =1.6.0, =1.3.1, =3.0.7 and more Source cves: CVE-2024-45813 Source advisory: OSV:GHSA-RRR8-F88R-H8Q6...
GHSA-RRR8-F88R-H8Q6 find-my-way has a ReDoS vulnerability in multiparametric routes
Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...
find-my-way 安全漏洞
find-my-way is an NPM codebase from the Delvedor team that provides routing functionality. A security vulnerability exists in find-my-way, which stems from the fact that whenever there are two parameters in a single segment, an incorrect regular expression is generated, which may result in a deni...
GHSA-JGRH-5M3H-9C5F Web Cache Poisoning in find-my-way
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
Web Cache Poisoning in find-my-way
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
46c-sector (>=1.0.0 <=1.2.1), @0x0/restify (>=7.2.1 <=7.2.3) +331 more potentially affected by CVE-2020-7764 via find-my-way (>=0.2.4 <=2.1.0)
find-my-way NPM version =0.2.4, =1.0.0, =7.2.1, =2.0.0-rc7.0.5, =0.0.1, =0.9.6, =0.3.0, =0.2.0, =2.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.13-beta, =2.3.1 and more Source cves: CVE-2020-7764 Source advisory: OSV:GHSA-JGRH-5M3H-9C5F...
CVE-2020-7764
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
CVE-2020-7764
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
Design/Logic Flaw
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
CVE-2020-7764 Web Cache Poisoning
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
CVE-2020-7764
CVE-2020-7764 affects find-my-way prior to 2.2.5 and from 3.0.0 up to 3.0.5, enabling denial-of-service via Accept-Version header that can be used in a cache-poisoning attack. Connected docs confirm affected versions and describe the impact as DoS through web cache poisoning. IBM CP4S remediation...
@medley/medley (>=0.11.0 <=0.12.1), @nova/azure-functions (>=0.3.0 <=0.3.3) +1 more potentially affected by CVE-2020-7764 via find-my-way (>=2.0.1 <=2.1.0)
find-my-way NPM version =2.0.1, =0.11.0, =0.3.0, =1.0.0, =1.1.0 Source cves: CVE-2020-7764 Source advisory: SNYK:JS-FINDMYWAY-1038269...