CVE-2024-45296: path-to-regexp outputs backtracking regular expressions
In certain cases, path-to-regexp outputs a regular expression that can be exploited to cause poor performance: a crafted request path makes the generated expression backtrack for time that grows superlinearly with the input length (quadratically for two parameters), a regular expression denial of service (ReDoS). Per the upstream advisory, the bad expression is produced whenever a route has two parameters within a single segment separated by anything other than a period, for example /:a-:b. Fixed releases are 0.1.10, 1.9.0, 3.3.0, 6.3.0 and 8.0.0. Where upgrading is not possible, the advisory's workaround is to give every parameter after the first in a segment a custom pattern that cannot match the text before it, for example /:a-:b([^-/]+), so the engine has only one way to split the input.
References
- github.com/advisories/GHSA-9wv6-86v2-598j
- github.com/pillarjs/path-to-regexp
- github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f
- github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6
- github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j
- nvd.nist.gov/vuln/detail/CVE-2024-45296
Detect and mitigate CVE-2024-45296 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning.