Regular Expression Denial of Service in git-urls by 6en6ar
CVE-2023-46402

7.5HIGH

Key Information:

Vendor: Git-urls Project
Status: Git-urls
Vendor: CVE Published:; 18 November 2023

🔔 Create Git-urls Project Vulnerability Alert

What is CVE-2023-46402?

The git-urls package, version 1.0.0, is susceptible to a Regular Expression Denial of Service (ReDOS) attack. This vulnerability arises from poorly constructed regular expressions in urls.go, which can cause excessive backtracking and lead to performance degradation. Attackers can exploit this vulnerability to cause denial-of-service conditions, impairing the functionality of applications that depend on this library. It is crucial for developers using git-urls to update their libraries and adopt best practices in regex implementation to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://gist.github.com/6en6ar/7c2424c93e7fbf2b6fc44e7fb9...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2023
Vulnerability Reserved
Oct 23, 2023

JSON

Git-urls Project

What is CVE-2023-46402?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.