CVE-2023-32758

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-32758

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32758.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-32758

Aliases

GHSA-4xqq-73wg-5mjp

Published

2023-05-15T04:15:10Z

Modified

2024-10-12T10:56:10.340438Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.

References

Affected packages

Git / github.com/coala/git-url-parse

Affected ranges

Type: GIT
Repo: https://github.com/coala/git-url-parse
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a5b7db9f7509faedb740ce55fc9dc100d0dd0e83

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.1

1.2.0

1.2.1

1.2.2