Regular expression denial of service in url-regex · CVE-2020-7661 · GitHub Advisory Database · GitHub

Regular expression denial of service in url-regex

High severity GitHub Reviewed Published Jun 22, 2020 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

url-regex (npm)

Affected versions

<= 5.0.0

Patched versions

None

Description

all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.

References

Reviewed Jun 18, 2020

Published to the GitHub Advisory Database Jun 22, 2020

Last updated Jan 9, 2023

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H