CVE-2024-52798

Dec. 5, 2024, 11:15 p.m.

None
No Score

Description

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.

Product(s) Impacted

Product Versions
path-to-regexp
  • ['0.1.12']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1333
Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4
https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w

Tags

security-advisories@github.com
CWE-1333
2024-12-05
CVE-2024-52798

Timeline

Published: Dec. 5, 2024, 11:15 p.m.
Last Modified: Dec. 5, 2024, 11:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.