Search CVE reports
1 – 5 of 5 results
Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial...
1 affected package
node-path-to-regexp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-path-to-regexp | Not affected | Not affected | Not affected | Not affected | Not affected |
Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other...
1 affected package
node-path-to-regexp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-path-to-regexp | Not affected | Not affected | Not affected | Not affected | Not affected |
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection...
1 affected package
node-path-to-regexp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-path-to-regexp | Not affected | Not affected | Not affected | Not affected | Not affected |
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to...
2 affected packages
node-path-to-regexp, node-express
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-path-to-regexp | Not affected | Not affected | Not affected | Not affected | Not affected |
| node-express | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 4 of 10
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex...
2 affected packages
node-path-to-regexp, node-express
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-path-to-regexp | Not affected | Fixed | Fixed | Fixed | Fixed |
| node-express | Needs evaluation | Not affected | Not affected | Not affected | Not affected |