CVE-2024-52798
ADVISORY - githubSummary
Impact
The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp, originally reported in CVE-2024-45296
Patches
Upgrade to 0.1.12.
Workarounds
Avoid using two parameters within a single path segment, when the separator is not . (e.g. no /:a-:b). Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.
References
EPSS Score: 0.00043 (0.109)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Inefficient Regular Expression Complexity
ADVISORY - github
Inefficient Regular Expression Complexity
NIST
CREATED
UPDATED
ADVISORY IDCVE-2024-52798
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.7highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-rhx6-c78j-4q9w
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
N/AmediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2024-52798
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2024-52798
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-wwx6-ggqg-hrxj
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-vjmv-g97f-36p7
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-v9wp-w3c5-8v64
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-3q69-c424-w54c
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-