Skip to content

git-url-parse crate vulnerable to Regular Expression Denial of Service

Low severity GitHub Reviewed Published Jun 12, 2023 to the GitHub Advisory Database • Updated Nov 9, 2023

Package

cargo git-url-parse (Rust)

Affected versions

<= 0.4.4

Patched versions

None

Description

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).

References

Published by the National Vulnerability Database Jun 12, 2023
Published to the GitHub Advisory Database Jun 12, 2023
Reviewed Jun 12, 2023
Last updated Nov 9, 2023

Severity

Low

EPSS score

0.064%
(30th percentile)

Weaknesses

CVE ID

CVE-2023-33290

GHSA ID

GHSA-qfh9-8p57-mjjj
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.