Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ReDoS vulnerability in multiparametric routes in find-my-way
Vulnerability Description
find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
CWE-1333
Vulnerability Title
find-my-way 安全漏洞
Vulnerability Description
find-my-way是Delvedor团队的一个提供路由功能的 NPM 代码库。 find-my-way存在安全漏洞,该漏洞源于只要在单个段中有两个参数,就会生成错误的正则表达式,可能会导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A