logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-26103

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-26103

Description:
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server.
Last updated date:
03/07/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
03/07/2023
Reference url to background

https://security.snyk.io/vuln/SNYK-RUST-DENO-3315970

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy