Inefficient Regular Expression Complexity

CVE-2024-45813

Severity Medium
Score 5.3/10

Summary

find-my-way is a fast, open-source HTTP router that internally uses a Radix Tree (aka compact Prefix Tree), supports route params and wildcards, and is framework independent. A bad regular expression is generated any time a route has two parameters within a single segment and a "-" is added at the end, like "/:a-:b-". This may cause a Denial of Service (DoS) in some instances. There are no known workarounds for this issue. This issue affects find-my-way versions through 8.2.0, and 9.0.0 through 9.0.1.
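An audit helper for the condition described above, added here as an example and not taken from the advisory or from find-my-way: it flags an installed version in the affected ranges together with any route that has two parameters in one segment ending in "-". The function names, the sample route table, and the handling of "::" as an escaped colon are assumptions of this sketch.

```javascript
// Added example: route/version audit for CVE-2024-45813 (not find-my-way code).
// Affected ranges come from the advisory: <= 8.2.0, and 9.0.0 through 9.0.1.

function parseVersion(v) {
  // Pre-release and build suffixes are ignored (assumption for this sketch).
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffectedVersion(v) {
  const ver = parseVersion(v);
  if (cmp(ver, [8, 2, 0]) <= 0) return true;
  return cmp(ver, [9, 0, 0]) >= 0 && cmp(ver, [9, 0, 1]) <= 0;
}

// Heuristic: a segment with two or more ":param" tokens that ends in "-".
// "::" is dropped first on the assumption that it is an escaped literal colon.
// Parameters whose inline regex contains "/" are not handled here.
function riskySegments(routePath) {
  return routePath.split('/').filter((seg) => {
    const params = seg.replace(/::/g, '').match(/:[A-Za-z0-9_]+/g) || [];
    return params.length >= 2 && seg.endsWith('-');
  });
}

function auditRoutes(version, routes) {
  if (!isAffectedVersion(version)) return [];
  return routes
    .map((path) => ({ path, segments: riskySegments(path) }))
    .filter((finding) => finding.segments.length > 0);
}

// Constructed route table; only "/:a-:b-" appears in the advisory.
const sampleRoutes = [
  '/users/:id', '/:a-:b-', '/files/:name-:ext',
  '/at/:hour::min', '/v1/:x-:y-/detail',
];

for (const f of auditRoutes('9.0.1', sampleRoutes)) {
  console.log(`review ${f.path}: segment(s) ${f.segments.join(', ')}`);
}
```

Because the advisory lists no workaround, a finding from this check is a prompt to move to a release outside the affected ranges.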

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • LOW

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Advisory Timeline

  • Published