CVE-2024-52798: Unpatched `path-to-regexp` ReDoS in 0.1.x
(updated )
The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp, originally reported in CVE-2024-45296
References
- blakeembrey.com/posts/2024-09-web-redos
- github.com/advisories/GHSA-rhx6-c78j-4q9w
- github.com/pillarjs/path-to-regexp
- github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4
- github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w
- nvd.nist.gov/vuln/detail/CVE-2024-52798
- security.netapp.com/advisory/ntap-20250124-0002
Code Behaviors & Features
Detect and mitigate CVE-2024-52798 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →