Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.18 views

EUVD-2020-1460

Malware in sbrugna...

7.5CVSS7.7AI score0.01705EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.5 views

The vulnerability of the HTTP router Find my Way, related to the use of a regular expression c with inefficient computational complexity, allows a hacker to trigger a Denial-of-Service attack (ReDos).

The vulnerability of the HTTP router Find my Way is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability can allow a remote attacker to trigger a denial-of-service attack ReDos...

5.3CVSS7.2AI score0.00674EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2024/09/18 6:47 p.m.19 views

CVE-2024-45813

A regular expression denial of service ReDoS flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, such as /:a-:b-. This issue may cause a denial of service in some instances. Mitigation Mitigation...

7.5CVSS6.6AI score0.00674EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/09/18 4:47 p.m.43 views

CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way

find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...

5.3CVSS0.00674EPSS
Exploits0References3
OSV
OSV
added 2024/09/18 4:47 p.m.28 views

CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way

find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...

5.3CVSS8.5AI score0.00674EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/18 4:47 p.m.21 views

CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way

find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...

5.3CVSS6.8AI score0.00674EPSS
Exploits0References3
CVE
CVE
added 2024/09/18 4:47 p.m.90 views

CVE-2024-45813

CVE-2024-45813 affects the find-my-way HTTP router. A bad regular expression is generated when two parameters exist within a single segment, notably with a trailing dash (e.g., ":/a-:b-"). This can lead to a Denial of Service in some cases. Affected versions require upgrade to find-my-way v8.2.2 ...

5.3CVSS6.9AI score0.00674EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/09/18 3:52 p.m.47 views

find-my-way has a ReDoS vulnerability in multiparametric routes

Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...

5.3CVSS6.5AI score0.00674EPSS
Exploits0References8Affected Software1
vulnersOsv
vulnersOsv
added 2024/09/18 3:52 p.m.10 views

@667/restify (=9.0.0-1), @aeppic/install-build-server (>=2.0.0 <=2.44.0) +938 more potentially affected by CVE-2024-45813 via find-my-way (>=5.6.0 <=8.2.0)

find-my-way NPM version =5.6.0, =2.0.0, =3.0.0, =1.0.1, =1.0.0, =2.0.0, =0.0.0-dev.1739244769735, =0.0.0-dev.1739244769735, =2.0.0, =0.0.0-dev.1757040677030, =0.0.0-dev.1739244769735, =0.0.1, =1.6.0, =1.3.1, =3.0.7 and more Source cves: CVE-2024-45813 Source advisory: OSV:GHSA-RRR8-F88R-H8Q6...

5.3CVSS6.5AI score0.00674EPSS
Exploits0
OSV
OSV
added 2024/09/18 3:52 p.m.45 views

GHSA-RRR8-F88R-H8Q6 find-my-way has a ReDoS vulnerability in multiparametric routes

Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...

8.7CVSS6.4AI score0.00674EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/09/18 12:0 a.m.4 views

find-my-way 安全漏洞

find-my-way is an NPM codebase from the Delvedor team that provides routing functionality. A security vulnerability exists in find-my-way, which stems from the fact that whenever there are two parameters in a single segment, an incorrect regular expression is generated, which may result in a deni...

5.3CVSS8.4AI score0.00674EPSS
Exploits0References4
OSV
OSV
added 2020/11/09 10:17 p.m.17 views

GHSA-JGRH-5M3H-9C5F Web Cache Poisoning in find-my-way

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...

5.9CVSS7.3AI score0.01705EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/11/09 10:17 p.m.65 views

Web Cache Poisoning in find-my-way

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...

7.5CVSS3.9AI score0.01705EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2020/11/09 10:17 p.m.3 views

46c-sector (>=1.0.0 <=1.2.1), @0x0/restify (>=7.2.1 <=7.2.3) +331 more potentially affected by CVE-2020-7764 via find-my-way (>=0.2.4 <=2.1.0)

find-my-way NPM version =0.2.4, =1.0.0, =7.2.1, =2.0.0-rc7.0.5, =0.0.1, =0.9.6, =0.3.0, =0.2.0, =2.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.13-beta, =2.3.1 and more Source cves: CVE-2020-7764 Source advisory: OSV:GHSA-JGRH-5M3H-9C5F...

7.5CVSS7.1AI score0.01705EPSS
Exploits0
OSV
OSV
added 2020/11/08 4:15 p.m.19 views

CVE-2020-7764

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...

7.5CVSS6.6AI score
Exploits0References2
NVD
NVD
added 2020/11/08 4:15 p.m.28 views

CVE-2020-7764

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...

7.5CVSS6.4AI score0.01705EPSS
Exploits0References2
Prion
Prion
added 2020/11/08 4:15 p.m.13 views

Design/Logic Flaw

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...

5CVSS7.3AI score0.01705EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/11/08 3:50 p.m.28 views

CVE-2020-7764 Web Cache Poisoning

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...

5.9CVSS7.5AI score0.01705EPSS
Exploits0References2
CVE
CVE
added 2020/11/08 3:50 p.m.99 views

CVE-2020-7764

CVE-2020-7764 affects find-my-way prior to 2.2.5 and from 3.0.0 up to 3.0.5, enabling denial-of-service via Accept-Version header that can be used in a cache-poisoning attack. Connected docs confirm affected versions and describe the impact as DoS through web cache poisoning. IBM CP4S remediation...

7.5CVSS6.3AI score0.01705EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/11/03 3:33 p.m.10 views

@medley/medley (>=0.11.0 <=0.12.1), @nova/azure-functions (>=0.3.0 <=0.3.3) +1 more potentially affected by CVE-2020-7764 via find-my-way (>=2.0.1 <=2.1.0)

find-my-way NPM version =2.0.1, =0.11.0, =0.3.0, =1.0.0, =1.1.0 Source cves: CVE-2020-7764 Source advisory: SNYK:JS-FINDMYWAY-1038269...

7.5CVSS7.1AI score0.01705EPSS
Exploits0
Rows per page
Query Builder