Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
giturlparse 安全漏洞
Vulnerability Description
giturlparse是一个类似于 giturlparse.py 的简单 GIT URL 解析器。 giturlparse 1.2.2之前版本存在安全漏洞,该漏洞源于解析不受信任的 URL时,容易受到 ReDoS攻击。
CVSS Information
N/A
Vulnerability Type
N/A