CVE-2021-29506: Uncontrolled Resource Consumption

May 19, 2021

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304

References

github.com/advisories/GHSA-hf44-3mx6-vhhw
github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41
github.com/graphhopper/graphhopper/pull/2304
github.com/graphhopper/graphhopper/security/advisories/GHSA-hf44-3mx6-vhhw
nvd.nist.gov/vuln/detail/CVE-2021-29506

Detect and mitigate CVE-2021-29506 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →