CVE-2023-26112

ADVISORY - github

Summary

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)). Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

EPSS Score⁠: 0.0007 (0.214)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1333⁠

Inefficient Regular Expression Complexity

ADVISORY - github

CWE-1333⁠

Inefficient Regular Expression Complexity

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-1333⁠

Inefficient Regular Expression Complexity

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-1333⁠

Inefficient Regular Expression Complexity

Impacted images

Advisories

NIST

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-26112⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1333⁠

CVSS SCORE

3.7low

GitHub

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-c33w-24p9-8m24⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1333⁠

CVSS SCORE

3.7low

Debian

CREATED

3 years ago

UPDATED

13 days ago

ADVISORY IDCVE-2023-26112⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-26112⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.9low

GitLab

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY ID

CVE-2023-26112

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-1333⁠CWE-937⁠

CVSS SCORE

5.9medium

Amazon

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDALAS2-2023-2188⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Amazon

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDALAS2023-2023-254⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Red Hat

CREATED

3 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2023-26112⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1333⁠

CVSS SCORE

5.9medium

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-9r88-r9jr-p44c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-v673-7wpw-p4cm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-26112⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY ID

MINI-4hc4-rchx-5f9j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY