Denial of Service in foreman · GHSA-xm28-fw2x-fqv2 · GitHub Advisory Database · GitHub

Denial of Service in foreman

High severity GitHub Reviewed Published May 31, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

foreman (npm)

Affected versions

< 3.0.1

Patched versions

3.0.1

Description

All versions of foreman are vulnerable to Regular Expression Denial of Service when requests to it are made with a specially crafted path.

Recommendation

Upgrade to version 3.0.1.

References

Reviewed May 31, 2019

Published to the GitHub Advisory Database May 31, 2019

Last updated Jan 9, 2023

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H