CVE-2023-26103
- Reference to the description:
- Description:
- Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server.
- Last updated date:
- 03/07/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 03/07/2023
- Reference url to background