← voltar
CVE-2020-26310

GHSL-2020-305: Regular Expression Denial of Service (ReDoS) in Pure JavaScript HTML5 Parser

CVSS 8.7 HIGHEPSS 0.4%CWE-1333
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.7EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
26 out 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green
Produtos afetados
blowsie · Pure-JavaScript-HTML5-Parser

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/blowsie/Pure-JavaScript-HTML5-Parser/issues/14https://securitylab.github.com/advisories/GHSL-2020-305-redos-Pure-JavaScript-HTML5-Parser/