SB2024022714 - ReDos in Showdownjs
Published: February 27, 2024
Security Bulletin ID
SB2024022714
Severity
Medium
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Inefficient regular expression complexity (CVE-ID: CVE-2024-1899)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in subparser when processing links with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.