GHSA-hf44-3mx6-vhhw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hf44-3mx6-vhhw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-hf44-3mx6-vhhw/GHSA-hf44-3mx6-vhhw.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-hf44-3mx6-vhhw
- Aliases
- Related
- Published
- 2021-05-19T23:02:57Z
- Modified
- 2023-11-01T04:55:06.534672Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.
- Details
-
Impact
The regex injection that may lead to Denial of Service.
Patches
Will be patched in 2.4 and 3.0
Workarounds
Versions lower than 2.x are only affected if the navigation module is added
References
See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304
If you have any questions or comments about this advisory please send us an Email or create a topic here.
- Database specific
{ "nvd_published_at": "2021-05-13T19:15:00Z", "github_reviewed_at": "2021-05-19T19:49:11Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-400" ] }- References
Affected packages
Maven / com.graphhopper:graphhopper-nav
Package
- Name
- com.graphhopper:graphhopper-nav
- View open source insights on deps.dev
- Purl
- pkg:maven/com.graphhopper/graphhopper-nav