CVE-2024-25355 - Vulnerability Details - OpenCVE

s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00188.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-r4q9-xx5g-j24p	s3-url-parser vulnerable to Denial of Service via regexes component

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://gist.github.com/6en6ar/a4977866c59cbcfc716f0f2717b812bf

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-01T00:00:00

Updated: 2024-08-01T23:44:08.608Z

Reserved: 2024-02-07T00:00:00

Link: CVE-2024-25355

Vulnrichment

Updated: 2024-08-01T23:44:08.608Z

NVD

Status : Awaiting Analysis

Published: 2024-05-01T19:15:22.283

Modified: 2024-11-21T09:00:40.430

Link: CVE-2024-25355

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-25355", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-01T23:44:08.608Z", "dateReserved": "2024-02-07T00:00:00", "datePublished": "2024-05-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:34:47.271743"}, "descriptions": [{"lang": "en", "value": "s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gist.github.com/6en6ar/a4977866c59cbcfc716f0f2717b812bf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25355", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:48:29.703923Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:s3-url-parser:s3-url-parser:1.0.3:*:*:*:*:*:*:*"], "vendor": "s3-url-parser", "product": "s3-url-parser", "versions": [{"status": "affected", "version": "1.0.3"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:35:43.421Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:08.608Z"}, "title": "CVE Program Container", "references": [{"url": "https://gist.github.com/6en6ar/a4977866c59cbcfc716f0f2717b812bf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gist.github.com/6en6ar/a4977866c59cbcfc716f0f2717b812bf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:08.608Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25355", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:48:29.703923Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:s3-url-parser:s3-url-parser:1.0.3:*:*:*:*:*:*:*"], "vendor": "s3-url-parser", "product": "s3-url-parser", "versions": [{"status": "affected", "version": "1.0.3"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T17:48:14.540Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gist.github.com/6en6ar/a4977866c59cbcfc716f0f2717b812bf"}], "descriptions": [{"lang": "en", "value": "s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:34:47.271743"}}}, "cveMetadata": {"cveId": "CVE-2024-25355", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:44:08.608Z", "dateReserved": "2024-02-07T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-01T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}