CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
History

Wed, 13 Nov 2024 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:talyssonoc:commonregexjs:*:*:*:*:*:node.js:*:*
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Mon, 28 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Talyssonoc
Talyssonoc commonregexjs
CPEs cpe:2.3:a:talyssonoc:commonregexjs:*:*:*:*:*:*:*:*
Vendors & Products Talyssonoc
Talyssonoc commonregexjs
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 26 Oct 2024 20:45:00 +0000

Type Values Removed Values Added
Description CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
Title GHSL-2020-291: Regular Expression Denial of Service (ReDoS) in CommonRegexJS
Weaknesses CWE-1333
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-10-26T20:26:16.039Z

Updated: 2024-10-28T14:52:45.497Z

Reserved: 2020-10-01T00:00:00.000Z

Link: CVE-2020-26305

cve-icon Vulnrichment

Updated: 2024-10-28T14:52:38.729Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-26T21:15:13.783

Modified: 2024-11-13T20:00:51.330

Link: CVE-2020-26305

cve-icon Redhat

No data.