CVE-2021-27293: Incorrect Comparison

July 12, 2021 (updated September 9, 2021)

RestSharp uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

References

nvd.nist.gov/vuln/detail/CVE-2021-27293

Code Behaviors & Features

Detect and mitigate CVE-2021-27293 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →