CVE-2021-29506

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29506

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29506.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-29506

Aliases

GHSA-hf44-3mx6-vhhw

Related

GHSA-hf44-3mx6-vhhw

Published

2021-05-13T19:15:07Z

Modified

2025-10-15T12:48:15.076376Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304

References

Affected packages

Git / github.com/graphhopper/graphhopper

Affected ranges

Type: GIT
Repo: https://github.com/graphhopper/graphhopper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

eb189be1fa7443ebf4ae881e737a18f818c95f41

Affected versions

0.*

0.10.0

0.10.0-RC1

0.10.alpha1

0.10.alpha3

0.10.alpha4

0.10.alpha5

0.10.alpha6

0.10.alpha7

0.11.0

0.11.0-pre1

0.11.0-pre2

0.11.0-pre3

0.11.0-pre4

0.11.0-pre5

0.11.0-pre6

0.12.0-pre

0.12.0-pre1

0.12.0-pre2

0.12.0-pre3

0.12.0-pre5

0.12.0-pre6

0.13.0

0.13.0-pre1

0.13.0-pre10

0.13.0-pre11

0.13.0-pre12

0.13.0-pre13

0.13.0-pre14

0.13.0-pre16

0.13.0-pre17

0.13.0-pre18

0.13.0-pre19

0.13.0-pre2

0.13.0-pre3

0.13.0-pre4

0.13.0-pre5

0.13.0-pre6

0.13.0-pre7

0.13.0-pre8

0.13.0-pre9

0.14.0-pre1

1.*

1.0

1.0-pre1

1.0-pre10

1.0-pre11

1.0-pre12

1.0-pre13

1.0-pre14

1.0-pre15

1.0-pre16

1.0-pre17

1.0-pre18

1.0-pre19

1.0-pre2

1.0-pre20

1.0-pre21

1.0-pre22

1.0-pre23

1.0-pre24

1.0-pre25

1.0-pre26

1.0-pre27

1.0-pre28

1.0-pre29

1.0-pre3

1.0-pre30

1.0-pre31

1.0-pre32

1.0-pre33

1.0-pre33.2

1.0-pre33.3

1.0-pre33.4

1.0-pre34

1.0-pre35

1.0-pre36

1.0-pre37

1.0-pre38

1.0-pre39

1.0-pre4

1.0-pre40

1.0-pre41

1.0-pre42

1.0-pre43

1.0-pre5

1.0-pre6

1.0-pre7

1.0-pre7.1

1.0-pre8

1.0-pre9

2.*

2.0

2.0-pre1

2.0-pre2

2.0-pre3

3.*

3.0-pre1

3.0-pre2

3.0-pre3

3.0-pre4

Other

stable

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "36142885775801880923327535353616592987",
            "length": 411.0
        },
        "target": {
            "function": "getPointsFromRequest",
            "file": "navigation/src/main/java/com/graphhopper/navigation/NavigateResource.java"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41",
        "id": "CVE-2021-29506-7ef0e41e"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "189626477168851777122880960144033487883",
                "137275567613185398488357888955700532385",
                "327134461445047257875801787977154168807",
                "323202411778049434703774547551118540250",
                "212398785548982498557687372389225794540",
                "185973443862456284605407239049739654715",
                "259759268823146020648102035072435108275"
            ]
        },
        "target": {
            "file": "navigation/src/main/java/com/graphhopper/navigation/NavigateResource.java"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41",
        "id": "CVE-2021-29506-c7eec5f0"
    }
]