Inefficient Regular Expression Complexity in org.webjars.npm:parse-uri

CVE-2024-36751

org.webjars.npm:parse-uri
org.webjars.npm:parseuri
parse-uri
parseuri

Medium

6.9/10

Summary

An issue in parse-uri versions prior to 1.0.11 and parseuri versions prior to 3.0.1 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL.

Attack Complexity: LOW
Attack Vector: NETWORK
User Interaction: NONE
Privileges Required: NONE

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

Advisory
Issue
Disclosure
Pull request

Advisory Timeline

Published Jan 15, 2025

Inefficient Regular Expression Complexity in org.webjars.npm:parse-uri

CVE-2024-36751

Summary

CWE-1333 - Inefficient Regular Expression Complexity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS