CVE-2017-20162 in vercelالمعلومات

الملخص

بحسب MITRE • 09/01/2023

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulDB

حجز

05/01/2023

إفشاء

09/01/2023

الاعتدال

تمت الموافقة

إدخال

VDB-217451

CPE

جاهز

CWE

CWE-1333 (مؤكد)

استغلال

تحميل

CVSS

5.3 (NVD)

EPSS

0.00312

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-20162
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-20162
CVE Details	https://www.cvedetails.com/cve/CVE-2017-20162/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!