CVE-2020-26304: Foundation Regular Expression Denial of Service vulnerability

October 26, 2024 (updated November 13, 2024)

Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available.

References

github.com/advisories/GHSA-p8pc-3f7w-jr5q
github.com/foundation/foundation-sites
github.com/foundation/foundation-sites/issues/12180
nvd.nist.gov/vuln/detail/CVE-2020-26304
securitylab.github.com/advisories/GHSL-2020-290-redos-foundation-sites

Code Behaviors & Features

Detect and mitigate CVE-2020-26304 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →