CVE-2021-4306

cronvel terminal-kit redos

CVSS 3.5 LOWEPSS 0.9%CWE-1333

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.5EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

07 ene 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Productos afectados

cronvel · terminal-kit

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/cronvel/terminal-kit/commit/a2e446cc3927b559d0281683feb9b821e83b758c https://github.com/cronvel/terminal-kit/releases/tag/v2.1.8 https://vuldb.com/?ctiid.217620 https://vuldb.com/?id.217620