CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format
since at least 4.2.6
and prior to 5.9.14
are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses any tf2-item-format
to parse user input. Version 5.9.14
contains a fix for the issue.
[
{
"cpes": [
"cpe:2.3:a:danocmx:node-tf2-item-format:*:*:*:*:*:*:*:*"
],
"vendor": "danocmx",
"product": "node-tf2-item-format",
"versions": [
{
"status": "affected",
"version": "4.2.6",
"lessThan": "5.9.14",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial