GHSA-cmhx-cq75-c4mj

Source

https://github.com/advisories/GHSA-cmhx-cq75-c4mj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-cmhx-cq75-c4mj/GHSA-cmhx-cq75-c4mj.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-cmhx-cq75-c4mj

Aliases

CVE-2019-0820

Published

2021-08-04T21:03:46Z

Modified

2023-11-01T04:49:46.550521Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Regular Expression Denial of Service in System.Text.RegularExpressions

Details

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

Database specific

{
    "nvd_published_at": "2019-05-16T19:29:00Z",
    "github_reviewed_at": "2021-08-04T21:03:27Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-1333",
        "CWE-400"
    ]
}

References

Affected packages

NuGet / System.Text.RegularExpressions

Package

Name: System.Text.RegularExpressions; View open source insights on deps.dev
Purl: pkg:nuget/System.Text.RegularExpressions

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0