Regular Expression Denial Of Service (ReDoS)

🗓️ 17 Feb 2023 02:40:04Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 27 Views

undici software ReDoS vulnerability in headerValueNormalize functio

Reporter	Title	Published	Views	Family All 148
ALT Linux	Security fix for the ALT Linux 10 package node version 16.19.1-alt1	22 Mar 202300:00	–	altlinux
IBM Security Bulletins	Security Bulletin: IBM Cognos Controller is affected by vulnerabilities	15 Apr 202503:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® Graph	24 Apr 202322:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	1 Mar 202309:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)	22 Jun 202320:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js	28 Jun 202320:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities	2 Oct 202410:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities	20 Oct 202317:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Node.js	23 Jun 202310:35	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js	3 Apr 202315:27	–	ibm

Vulners

Node

nodejs nodejsMatch18.12.1-r0js

AND

nodejs nodejsMatch16.13.1-r0js

AND

nodejs nodejsMatch16.17.1-r0js

AND

nodejs nodejsMatch16.14.2-r0js

AND

nodejs nodejsMatch12.17.0-r0js

AND

nodejs nodejsMatch16.16.0-r0js

AND

nodejs nodejsMatch16.14.2-r1js

AND

nodejs nodejsMatch16.17.0-r0js

AND

nodejs nodejsMatch16.15.0-r1js

AND

nodejs nodejsMatch14.16.0-r0js

AND

nodejs nodejsMatch16.13.1-r1js

AND

nodejs nodejsMatch14.18.1-r1js

AND

nodejs nodejsMatch14.18.0-r0js

AND

nodejs nodejsMatch14.17.6-r0js

AND

nodejs nodejsMatch12.16.2-r0js

AND

nodejs nodejsMatch14.17.0-r0js

AND

nodejs nodejsMatch16.18.0-r1js

AND

nodejs nodejsMatch16.13.2-r1js

AND

nodejs nodejsMatch16.15.0-r0js

AND

nodejs nodejsMatch14.16.1-r2js

AND

nodejs nodejsMatch14.17.3-r0js

AND

nodejs nodejsMatch14.17.2-r0js

AND

nodejs nodejsMatch12.15.0-r1js

AND

nodejs nodejsMatch16.16.0-r1js

AND

nodejs nodejsMatch18.14.0-r0js

AND

nodejs nodejsMatch14.17.4-r0js

AND

nodejs nodejsMatch14.17.6-r1js

AND

nodejs nodejsMatch14.17.1-r0js

AND

nodejs nodejsMatch14.16.0-r1js

AND

nodejs nodejsMatch18.13.0-r0js

AND

nodejs nodejsMatch16.13.2-r0js

AND

nodejs nodejsMatch14.17.5-r0js

AND

alpinelinux alpine_linuxMatchedge

nodejs nodejsMatch16.14.2-r1js

AND

nodejs nodejsMatch16.15.0-r0js

AND

nodejs nodejsMatch16.15.0-r1js

AND

nodejs nodejsMatch16.16.0-r0js

AND

nodejs nodejsMatch16.17.1-r0js

AND

alpinelinux alpine_linuxMatch3.16

nodejs nodejsMatch16.13.2-r0js

AND

nodejs nodejsMatch16.14.0-r0js

AND

nodejs nodejsMatch16.13.0-r0js

AND

nodejs nodejsMatch14.18.1-r1js

AND

nodejs nodejsMatch16.17.1-r0js

AND

nodejs nodejsMatch16.14.2-r0js

AND

nodejs nodejsMatch16.16.0-r0js

AND

nodejs nodejsMatch16.13.1-r0js

AND

alpinelinux alpine_linuxMatch3.15

nodejs nodejsMatch18.12.1-r0js

AND

nodejs nodejsMatch16.18.0-r1js

AND

alpinelinux alpine_linuxMatch3.17

nodejs undiciRange5.6.0–5.19.0js

nodejs undiciRange5.10.0–5.14.0js

Source	Link
github	www.github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
github	www.github.com/nodejs/undici/releases/tag/v5.19.1
github	www.github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
hackerone	www.hackerone.com/bugs
security	www.security.netapp.com/advisory/ntap-20230324-0010/

24 Feb 2023 19:52Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.5

EPSS0.00305

SSVC