First published: Fri Nov 17 2023
git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.
git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Git-urls Project Git-urls | =1.0.1 | |
go/github.com/whilp/git-urls | <=1.0.1 | |
CVE-2023-46402 is a vulnerability in git-urls version 1.0.1 that allows for Regular Expression Denial of Service (ReDOS) attacks.
The vulnerability in git-urls version 1.0.1 occurs due to an issue with regular expressions in the Go package, which can be exploited for ReDOS attacks.
ReDOS is a type of cyber attack that targets the regular expression processing engine, causing it to become unresponsive and leading to a denial of service condition.
You can check the version of git-urls installed by running the appropriate command for your package manager, such as 'go list -m github.com/whilp/git-urls'.
To fix the vulnerability, update git-urls to a version that is not affected by the ReDOS vulnerability, such as version 1.0.2 or above.
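The version check described above can be automated across many repositories. The following is an added example, not code from the advisory or from the git-urls project: it scans go.mod text or `go list -m all` output for the module and flags versions in the affected range from the table (<=1.0.1). The function names and the sample go.mod content are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and last affected version (<=1.0.1) come from the advisory table.
const modulePath = "github.com/whilp/git-urls"

var lastAffected = [3]int{1, 0, 1}

// parseCore extracts MAJOR.MINOR.PATCH from a Go module version such as
// "v1.0.1"; a pre-release, pseudo-version or build suffix is ignored.
func parseCore(v string) (c [3]int, ok bool) {
	n, err := fmt.Sscanf(v, "v%d.%d.%d", &c[0], &c[1], &c[2])
	return c, err == nil && n == 3
}

// inRange reports whether version a is <= lastAffected.
func inRange(a [3]int) bool {
	b := lastAffected
	return a[0] < b[0] || a[0] == b[0] && (a[1] < b[1] || a[1] == b[1] && a[2] <= b[2])
}

// FindAffected scans go.mod text or `go list -m all` output and returns each
// affected version listed for the module. Replace directives are not resolved.
func FindAffected(text string) []string {
	var hits []string
	for _, line := range strings.Split(text, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(line)
		for i := 0; i+1 < len(f); i++ {
			if f[i] == modulePath {
				if c, ok := parseCore(f[i+1]); ok && inRange(c) {
					hits = append(hits, f[i+1])
				}
				break
			}
		}
	}
	return hits
}

func main() {
	// Constructed go.mod content, not taken from a real project.
	sample := "module example.com/app\n\nrequire (\n\tgithub.com/whilp/git-urls v1.0.0 // indirect\n)\n"
	fmt.Println(FindAffected(sample))
}
```

Indirect dependencies matter here: a project can pull in the module transitively, so feed the function the full `go list -m all` output rather than only the direct requirements.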