First published: Fri Nov 17 2023
git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.
git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in the Go package.
Credit: firstname.lastname@example.org email@example.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Git-urls Project Git-urls | =1.0.1 | |
CVE-2023-46402 is a vulnerability in git-urls version 1.0.1 that allows for Regular Expression Denial of Service (ReDOS) attacks.
The vulnerability in git-urls version 1.0.1 occurs due to an issue with regular expressions in the Go package, which can be exploited for ReDOS attacks.
ReDOS is a type of cyber attack that targets the regular expression processing engine, causing it to become unresponsive and leading to a denial of service condition.
You can check the version of git-urls installed by running the appropriate command for your package manager, such as 'go list -m github.com/whilp/git-urls'.
To fix the vulnerability, update git-urls to a version that is not affected by the ReDOS vulnerability, such as version 1.0.2 or above.