mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
68 lines
2.8 KiB
JSON
68 lines
2.8 KiB
JSON
{
|
|
"id": "CVE-2025-25285",
|
|
"sourceIdentifier": "security-advisories@github.com",
|
|
"published": "2025-02-14T20:15:34.487",
|
|
"lastModified": "2025-02-14T20:15:34.487",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization. The issue occurs in the `parse` function within the `parse.ts` file of the npm package `@octokit/endpoint`. Version 10.1.3 contains a patch for the issue."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "@octokit/endpoint convierte los endpoints de la API REST en opciones de solicitud gen\u00e9ricas. A partir de la versi\u00f3n 4.1.0 y antes de la versi\u00f3n 10.1.3, al crear par\u00e1metros `options` espec\u00edficos, se puede activar la llamada `endpoint.parse(options)`, lo que lleva a un ataque de denegaci\u00f3n de servicio de expresi\u00f3n regular (ReDoS). Esto hace que el programa se cuelgue y da como resultado un alto uso de la CPU. El problema ocurre en la funci\u00f3n `parse` dentro del archivo `parse.ts` del paquete npm `@octokit/endpoint`. La versi\u00f3n 10.1.3 contiene un parche para el problema."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "LOW"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-1333"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/octokit/endpoint.js/blob/main/src/parse.ts",
|
|
"source": "security-advisories@github.com"
|
|
},
|
|
{
|
|
"url": "https://github.com/octokit/endpoint.js/commit/6c9c5be033c450d436efb37de41b6470c22f7db8",
|
|
"source": "security-advisories@github.com"
|
|
},
|
|
{
|
|
"url": "https://github.com/octokit/endpoint.js/security/advisories/GHSA-x4c5-c7rf-jjgv",
|
|
"source": "security-advisories@github.com"
|
|
}
|
|
]
|
|
} |