CVSS V3
7.5
Status
Fixed version
5.1.1-r0
Status
Impact
This CVE cannot be remediated at this time because upgrading to path-to-regexp v0.1.12 introduces breaking changes. v0.1.12 is an attempt to fix backtracking (again), seen here: https://github.com/pillarjs/path-to-regexp/releases/tag/v0.1.12. This causes internal test failures that were remediated in v0.1.10: https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j. Upstream maintainers of tileserver-gl need to fix the regex used in their internal testing to remediate.
Status