CVE-2021-43805 - OpenCVE

Vendors	Products
Nebulab	Solidus

Link	Providers
https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401
https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9

{"containers": {"cna": {"affected": [{"product": "solidus", "vendor": "solidusio", "versions": [{"status": "affected", "version": ">= 3.1.0, < 3.1.4"}, {"status": "affected", "version": ">= 3.0.0, < 3.0.4"}, {"status": "affected", "version": "< 2.11.13"}]}], "descriptions": [{"lang": "en", "value": "Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-07T17:25:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"}], "source": {"advisory": "GHSA-qxmr-qxh6-2cc9", "discovery": "UNKNOWN"}, "title": "ReDos vulnerability on guest checkout email validation", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43805", "STATE": "PUBLIC", "TITLE": "ReDos vulnerability on guest checkout email validation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "solidus", "version": {"version_data": [{"version_value": ">= 3.1.0, < 3.1.4"}, {"version_value": ">= 3.0.0, < 3.0.4"}, {"version_value": "< 2.11.13"}]}}]}, "vendor_name": "solidusio"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1333: Inefficient Regular Expression Complexity"}]}]}, "references": {"reference_data": [{"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9", "refsource": "CONFIRM", "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"}, {"name": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401", "refsource": "MISC", "url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"}]}, "source": {"advisory": "GHSA-qxmr-qxh6-2cc9", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:08.816Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43805", "datePublished": "2021-12-07T17:25:09", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.816Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA9F9CA3-5DF3-4DF8-844C-B4C4E261D09A", "versionEndExcluding": "2.11.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCC7D340-52C4-4FB7-810F-4B87ED7A470D", "versionEndExcluding": "3.0.4", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "matchCriteriaId": "E708A7C2-F76F-45D7-91F5-A6F480295521", "versionEndExcluding": "3.1.4", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."}, {"lang": "es", "value": "Solidus es una plataforma de comercio electr\u00f3nico gratuita y de c\u00f3digo abierto construida sobre Rails. Las versiones de Solidus anteriores a la 3.1.4, 3.0.4 y 2.11.13 tienen una vulnerabilidad de denegaci\u00f3n de servicio que podr\u00eda ser explotada durante un pedido de invitados. La expresi\u00f3n regular usada para comprender el correo electr\u00f3nico de un pedido de invitado estaba sujeta a un retroceso exponencial a trav\u00e9s de un fragmento como `a.a.` Las versiones 3.1.4, 3.0.4 y 2.11.13 han sido parcheadas para usar una expresi\u00f3n regular diferente. Los mantenedores han a\u00f1adido una comprobaci\u00f3n de las direcciones de correo electr\u00f3nico que ya no son v\u00e1lidas que imprimir\u00e1 informaci\u00f3n sobre los pedidos afectados que se presentan. Si una actualizaci\u00f3n inmediata no es una opci\u00f3n, se presenta una soluci\u00f3n disponible. Es posible editar el archivo \"config/application.rb\" manualmente (con el c\u00f3digo proporcionado por los mantenedores en el aviso de seguridad de GitHub) para comprobar la validez del correo electr\u00f3nico"}], "id": "CVE-2021-43805", "lastModified": "2021-12-08T17:30:09.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Primary"}]}, "published": "2021-12-07T18:15:07.407", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object