漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
Vulnerability Description
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
path-to-regexp 安全漏洞
Vulnerability Description
Path-to-RegExp是pillarjs开源的一个工具。用于将路径字符串转换为正则表达式。 path-to-regexp 0.1.12之前版本存在安全漏洞。攻击者利用该漏洞可以导致性能不佳。
CVSS Information
N/A
Vulnerability Type
N/A