Lucene search
Veracode Vulnerability DatabaseVERACODE:40572HistoryMay 17, 2023 - 8:56 a.m.
Regular Expression Denial Of Service (ReDoS)
2023-05-1708:56:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
regular expression denial of service
git url parser
vulnerability
inefficient complexity
software
EPSS
0.001
Percentile
43.7%
git_url_parse is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in git_url_parser.py which allows an attacker to send a payload in a URL which can cause an application crash due to inefficient regular expression complexity.
References
github.com/advisories/GHSA-4xqq-73wg-5mjp
github.com/coala/git-url-parse/blob/master/giturlparse/parser.py#L53
github.com/returntocorp/semgrep/commit/52d6328f1e42aad840804282e090d5f26ccb6335
github.com/returntocorp/semgrep/pull/7611
github.com/returntocorp/semgrep/pull/7943
github.com/returntocorp/semgrep/pull/7955
pypi.org/project/git-url-parse
Related
osv
osv
git-url-parse Regular Expression Denial of Service
2023-05-15 06:30:19
CVE-2023-32758
2023-05-15 04:15:10
git-url-parse crate vulnerable to Regular Expression Denial of Service
2023-06-12 15:30:28
prion
prion
Design/Logic Flaw
2023-05-15 04:15:00
Code injection
2023-06-12 13:15:00
cve
cve
CVE-2023-32758
2023-05-15 04:15:10
CVE-2023-33290
2023-06-12 13:15:10
nvd
nvd
CVE-2023-32758
2023-05-15 04:15:10
CVE-2023-33290
2023-06-12 13:15:10
cvelist
cvelist
CVE-2023-32758
2023-05-15 00:00:00
CVE-2023-33290
2023-06-12 00:00:00
github
github
git-url-parse Regular Expression Denial of Service
2023-05-15 06:30:19
git-url-parse crate vulnerable to Regular Expression Denial of Service
2023-06-12 15:30:28