Security Advisories

CVE-2024-52798

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-52798

CGA ID

CGA-h864-qfx6-rqww

Summary

Unpatched path-to-regexp ReDoS in 0.1.x

Description

Impact

The backtracking-prone regular expression originally reported in CVE-2024-45296 can also be generated by the 0.1.x release of path-to-regexp.

Patches

Upgrade to 0.1.12.

Workarounds

Avoid using two parameters within a single path segment when the separator between them is not "." (for example, do not use /:a-:b). Alternatively, define the regex used for each of the two parameters and ensure the two patterns do not overlap, so that the generated expression cannot backtrack.
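As an added example that is not from this advisory or from path-to-regexp itself, the following lint-style check scans Express-style route strings for the segment shape described above; the function name findRiskyRouteSegments and the simplified parameter grammar it assumes (":name" with an optional "(regex)" matcher, no nested parentheses) are this example's own.

```javascript
// Added example (not code from the advisory or path-to-regexp): flag route
// segments that hold two parameters joined by a separator other than ".".
// In path-to-regexp 0.1.x each parameter falls back to the matcher [^/]+?,
// so in "/:a-:b" both sides can absorb the "-" and the engine backtracks.
// Segments such as "/:file.:ext" use the "." separator the advisory accepts.

// Assumed grammar: ":name" optionally followed by a custom "(regex)" matcher.
// Nested parentheses inside a custom matcher are not handled here.
const PARAM_RE = /:(\w+)(\([^)]*\))?/g;

function findRiskyRouteSegments(route) {
  const findings = [];
  for (const segment of route.split("/")) {
    const params = [...segment.matchAll(PARAM_RE)];
    // Walk each adjacent pair of parameters inside this one segment.
    for (let i = 1; i < params.length; i++) {
      const prev = params[i - 1];
      const cur = params[i];
      const separator = segment.slice(prev.index + prev[0].length, cur.index);
      // When both parameters carry a custom matcher, the author has applied
      // the advisory's second workaround; whether the two patterns really do
      // not overlap still needs a manual review, so only the default-matcher
      // case is reported as a finding.
      const bothConstrained = Boolean(prev[2]) && Boolean(cur[2]);
      if (separator !== "." && !bothConstrained) {
        findings.push({ segment, params: [prev[1], cur[1]], separator });
      }
    }
  }
  return findings;
}

module.exports = { findRiskyRouteSegments };
```

Run it over a project's route table (for example every string passed to app.get or router.use) to list the segments that need either a "." separator or explicit, non-overlapping matchers before the upgrade to 0.1.12 lands.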

References

  • https://github.com/advisories/GHSA-9wv6-86v2-598j
  • https://blakeembrey.com/posts/2024-09-web-redos/
