Headline

GHSA-c33w-24p9-8m24: configobj ReDoS exploitable by developer using values in a server-side configuration file

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)). Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

1 year ago

ghsa

Open in Source

#dos #git

configobj ReDoS exploitable by developer using values in a server-side configuration file

Low severity GitHub Reviewed Published Apr 3, 2023 to the GitHub Advisory Database • Updated Apr 4, 2023

Related news

Ubuntu Security Notice USN-7040-1

Ubuntu Security Notice 7040-1 - It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a regular expression denial of service.

10 days ago

Packet Storm

Open in Source

#vulnerability #ubuntu #dos

CVE-2023-26112: Snyk Vulnerability Database | Snyk

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

1 year ago

CVE

Open in Source

#vulnerability #mac #ddos #dos #git