CVE-2024-45813
CVSS V2 None
CVSS V3 None
Description
find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.
Overview
- CVE ID
- CVE-2024-45813
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-18T16:47:57.138Z
- Last Modified Date
- 2024-09-18T18:07:10.935Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6 | x_refsource_CONFIRM |
| https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440 | x_refsource_MISC |
| https://blakeembrey.com/posts/2024-09-web-redos | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-45813 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45813 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-06 04:21:03 | Added to TrackCVE |