CVE-2020-36830

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Sep 2, 2024
Updated: Sep 5, 2024
CWE ID: 1333

Summary

CVE-2020-36830 is a vulnerability in the nescalante urlregex library, in versions up to 0.5.0. It affects processing in index.js, within the Backtracking component, and results in inefficient regular expression complexity. The issue can be exploited remotely and poses a high risk to organizations, as it may lead to denial of service through high resource consumption. To remediate, upgrade to version 0.5.1, which includes the patch identified by commit e5a085afe6abfaea1d1a78f54c45af9ef43ca1f9. The exploit has been publicly disclosed, which increases the urgency of applying the update promptly to limit the impact on availability. The vulnerability has a CVSS base score of 7.5, indicating significant severity and low complexity of exploitation.
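To find affected installs, including transitive copies pulled in by other dependencies, the following added example (not part of the advisory or of the urlregex project) scans a parsed package-lock.json for versions below 0.5.1. It assumes the library is installed under the npm name `urlregex`; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag vulnerable urlregex copies in a parsed package-lock.json.
// Assumption: the library is installed under the npm name "urlregex".
const PKG = "urlregex";
const FIXED = [0, 5, 1]; // first patched release, per the advisory

// Parse "0.5.0" into [0, 5, 0]; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version is below 0.5.1, or cannot be parsed (git URL,
// missing field) and therefore needs manual review.
function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return true;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false; // exactly 0.5.1
}

// lockfileVersion 2/3 keep a flat "packages" map keyed by install path;
// lockfileVersion 1 nests installs under "dependencies". Use one or the
// other so v2 files (which carry both) are not counted twice.
function findUrlregex(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
        hits.push({ where: path, version: meta.version });
      }
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        if (name === PKG) hits.push({ where: [...trail, name].join(" > "), version: meta.version });
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits.map((h) => ({ ...h, vulnerable: isVulnerable(h.version) }));
}

// Constructed sample: one patched top-level copy, one vulnerable nested copy.
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/urlregex": { version: "0.5.1" },
  "node_modules/link-checker/node_modules/urlregex": { version: "0.5.0" } } };
console.log(findUrlregex(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findUrlregex` and treat any entry with `vulnerable: true` as needing the upgrade to 0.5.1.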
