Common Weakness Enumeration

CWE-185

Allowed-with-Review

Incorrect Regular Expression

Abstraction: Class · Status: Draft

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

70 vulnerabilities reference this CWE, most recent first.

CVE-2026-25479 (GCVE-0-2026-25479)

Vulnerability from cvelistv5 – Published: 2026-02-09 18:48 – Updated: 2026-02-10 16:01
VLAI
Title
Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns
Summary
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass where an attacker supplies a host that matches the regex but is not the intended literal hostname. This vulnerability is fixed in 2.20.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
litestar-org litestar Affected: < 2.20.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25479",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-10T15:39:53.590127Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-10T16:01:11.941Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "litestar",
          "vendor": "litestar-org",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.20.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass where an attacker supplies a host that matches the regex but is not the intended literal hostname. This vulnerability is fixed in 2.20.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T18:48:19.971Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4"
        },
        {
          "name": "https://github.com/litestar-org/litestar/commit/06b36f481d1bfea6f19995cfb4f203aba45c4ace",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/litestar-org/litestar/commit/06b36f481d1bfea6f19995cfb4f203aba45c4ace"
        },
        {
          "name": "https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0"
        },
        {
          "name": "https://github.com/litestar-org/litestar/releases/tag/v2.20.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/litestar-org/litestar/releases/tag/v2.20.0"
        }
      ],
      "source": {
        "advisory": "GHSA-93ph-p7v4-hwh4",
        "discovery": "UNKNOWN"
      },
      "title": "Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25479",
    "datePublished": "2026-02-09T18:48:19.971Z",
    "dateReserved": "2026-02-02T16:31:35.821Z",
    "dateUpdated": "2026-02-10T16:01:11.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24398 (GCVE-0-2026-24398)

Vulnerability from cvelistv5 – Published: 2026-01-27 19:06 – Updated: 2026-01-27 19:20
VLAI
Title
Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Summary
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts` do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP addresses that bypass IP-based access controls. Version 4.11.7 contains a patch for the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
honojs hono Affected: < 4.11.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24398",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T19:18:50.922446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-27T19:20:35.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hono",
          "vendor": "honojs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.11.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts` do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP addresses that bypass IP-based access controls. Version 4.11.7 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T19:06:42.792Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/honojs/hono/security/advisories/GHSA-r354-f388-2fhh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/honojs/hono/security/advisories/GHSA-r354-f388-2fhh"
        },
        {
          "name": "https://github.com/honojs/hono/commit/edbf6eea8e6c26a3937518d4ed91d8666edeec37",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/honojs/hono/commit/edbf6eea8e6c26a3937518d4ed91d8666edeec37"
        },
        {
          "name": "https://github.com/honojs/hono/releases/tag/v4.11.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/honojs/hono/releases/tag/v4.11.7"
        }
      ],
      "source": {
        "advisory": "GHSA-r354-f388-2fhh",
        "discovery": "UNKNOWN"
      },
      "title": "Hono\u0027s IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24398",
    "datePublished": "2026-01-27T19:06:42.792Z",
    "dateReserved": "2026-01-22T18:19:49.172Z",
    "dateUpdated": "2026-01-27T19:20:35.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4296 (GCVE-0-2026-4296)

Vulnerability from cvelistv5 – Published: 2026-04-21 22:12 – Updated: 2026-04-22 13:16
VLAI
Title
Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass
Summary
An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when clicked by a victim, would redirect the OAuth authorization code to an attacker-controlled domain. This could allow the attacker to gain unauthorized access to the victim's account with the scopes granted to the OAuth application. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
GitHub Enterprise Server Affected: 3.14.0 , ≤ 3.14.25 (semver)
Affected: 3.15.0 , ≤ 3.15.20 (semver)
Affected: 3.16.0 , ≤ 3.16.16 (semver)
Affected: 3.17.0 , ≤ 3.17.13 (semver)
Affected: 3.18.0 , ≤ 3.18.7 (semver)
Affected: 3.19.0 , ≤ 3.19.4 (semver)
Affected: 3.20.0 , < 3.20.1 (semver)
Create a notification for this product.
Credits
ahacker1 hacktron
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T13:16:42.627751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:16:53.004Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.14.26",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.14.25",
              "status": "affected",
              "version": "3.14.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.15.21",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.15.20",
              "status": "affected",
              "version": "3.15.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.16.17",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.16.16",
              "status": "affected",
              "version": "3.16.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.17.14",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.17.13",
              "status": "affected",
              "version": "3.17.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.18.8",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.18.7",
              "status": "affected",
              "version": "3.18.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.19.5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.19.4",
              "status": "affected",
              "version": "3.19.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.20.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "3.20.1",
              "status": "affected",
              "version": "3.20.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ahacker1"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "hacktron"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application\u0027s registered callback URL could craft a malicious authorization link that, when clicked by a victim, would redirect the OAuth authorization code to an attacker-controlled domain. This could allow the attacker to gain unauthorized access to the victim\u0027s account with the scopes granted to the OAuth application. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
            }
          ],
          "value": "An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application\u0027s registered callback URL could craft a malicious authorization link that, when clicked by a victim, would redirect the OAuth authorization code to an attacker-controlled domain. This could allow the attacker to gain unauthorized access to the victim\u0027s account with the scopes granted to the OAuth application. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185 Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T22:12:45.356Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2026-4296",
    "datePublished": "2026-04-21T22:12:45.356Z",
    "dateReserved": "2026-03-16T17:48:03.040Z",
    "dateUpdated": "2026-04-22T13:16:53.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3419 (GCVE-0-2026-3419)

Vulnerability from cvelistv5 – Published: 2026-03-06 17:50 – Updated: 2026-03-09 14:55
VLAI
Title
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
Summary
Fastify incorrectly accepts malformed `Content-Type` headers containing trailing characters after the subtype token, in violation of RFC 9110 §8.3.1(https://httpwg.org/specs/rfc9110.html#field.content-type). For example, a request sent with Content-Type: application/json garbage passes validation and is processed normally, rather than being rejected with 415 Unsupported Media Type. When regex-based content-type parsers are in use (a documented Fastify feature), the malformed value is matched against registered parsers using the full string including the trailing garbage. This means a request with an invalid content-type may be routed to and processed by a parser it should never have reached. Impact: An attacker can send requests with RFC-invalid Content-Type headers that bypass validity checks, reach content-type parser matching, and be processed by the server. Requests that should be rejected at the validation stage are instead handled as if the content-type were valid. Workarounds: Deploy a WAF rule to protect against this Fix: The fix is available starting with v5.8.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
fastify fastify Affected: 5.7.2 , < 5.8.1 (semver)
Unaffected: 5.8.1 (semver)
Create a notification for this product.
Credits
Saad FELLAHI James Sumners Matteo Collina Ulises Gascón
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3419",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T14:55:13.971640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T14:55:21.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/fastify",
          "product": "fastify",
          "vendor": "fastify",
          "versions": [
            {
              "lessThan": "5.8.1",
              "status": "affected",
              "version": "5.7.2",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "5.8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Saad FELLAHI"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "James Sumners"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Matteo Collina"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Ulises Gasc\u00f3n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fastify incorrectly accepts malformed `Content-Type` headers containing trailing characters after the subtype token, in violation of RFC 9110 \u00a78.3.1(https://httpwg.org/specs/rfc9110.html#field.content-type). For example, a request sent with Content-Type: application/json garbage passes validation and is processed normally, rather than being rejected with 415 Unsupported Media Type.\n\nWhen regex-based content-type parsers are in use (a documented Fastify feature), the malformed value is matched against registered parsers using the full string including the trailing garbage. This means a request with an invalid content-type may be routed to and processed by a parser it should never have reached.\n\nImpact:\nAn attacker can send requests with RFC-invalid Content-Type headers that bypass validity checks, reach content-type parser matching, and be processed by the server. Requests that should be rejected at the validation stage are instead handled as if the content-type were valid.\n\nWorkarounds:\nDeploy a WAF rule to protect against this\n\nFix:\n\nThe fix is available starting with v5.8.1."
            }
          ],
          "value": "Fastify incorrectly accepts malformed `Content-Type` headers containing trailing characters after the subtype token, in violation of RFC 9110 \u00a78.3.1(https://httpwg.org/specs/rfc9110.html#field.content-type). For example, a request sent with Content-Type: application/json garbage passes validation and is processed normally, rather than being rejected with 415 Unsupported Media Type.\n\nWhen regex-based content-type parsers are in use (a documented Fastify feature), the malformed value is matched against registered parsers using the full string including the trailing garbage. This means a request with an invalid content-type may be routed to and processed by a parser it should never have reached.\n\nImpact:\nAn attacker can send requests with RFC-invalid Content-Type headers that bypass validity checks, reach content-type parser matching, and be processed by the server. Requests that should be rejected at the validation stage are instead handled as if the content-type were valid.\n\nWorkarounds:\nDeploy a WAF rule to protect against this\n\nFix:\n\nThe fix is available starting with v5.8.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T17:54:33.542Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9"
        },
        {
          "url": "https://github.com/fastify/fastify/commit/67f6c9b32cb3623d3c9470cc17ed830dd2f083d7"
        },
        {
          "url": "https://httpwg.org/specs/rfc9110.html#field.content-type"
        },
        {
          "url": "https://github.com/advisories/GHSA-573f-x89g-hqp9"
        },
        {
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3419"
        }
      ],
      "title": "Fastify\u0027s Missing End Anchor in \"subtypeNameReg\" Allows Malformed Content-Types to Pass Validation",
      "x_generator": {
        "engine": "cve-kit 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2026-3419",
    "datePublished": "2026-03-06T17:50:58.714Z",
    "dateReserved": "2026-03-01T18:56:49.613Z",
    "dateUpdated": "2026-03-09T14:55:21.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54365 (GCVE-0-2025-54365)

Vulnerability from cvelistv5 – Published: 2025-07-23 22:11 – Updated: 2025-07-24 13:36
VLAI
Title
fastapi-guard patch contains bypassable RegEx
Summary
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a <script> tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
rennf93 fastapi-guard Affected: >= 3.0.1, < 3.0.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54365",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T13:13:00.507260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T13:36:52.638Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fastapi-guard",
          "vendor": "rennf93",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.1, \u003c 3.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a \u003cscript\u003e tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-23T22:11:36.441Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g"
        },
        {
          "name": "https://github.com/rennf93/fastapi-guard/commit/0829292c322d33dc14ab00c5451c5c138148035a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rennf93/fastapi-guard/commit/0829292c322d33dc14ab00c5451c5c138148035a"
        },
        {
          "name": "https://github.com/rennf93/fastapi-guard/commit/d9d50e8130b7b434cdc1b001b8cfd03a06729f7f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rennf93/fastapi-guard/commit/d9d50e8130b7b434cdc1b001b8cfd03a06729f7f"
        }
      ],
      "source": {
        "advisory": "GHSA-rrf6-pxg8-684g",
        "discovery": "UNKNOWN"
      },
      "title": "fastapi-guard patch contains bypassable RegEx"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54365",
    "datePublished": "2025-07-23T22:11:36.441Z",
    "dateReserved": "2025-07-21T16:12:20.731Z",
    "dateUpdated": "2025-07-24T13:36:52.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20139 (GCVE-0-2025-20139)

Vulnerability from cvelistv5 – Published: 2025-04-02 16:16 – Updated: 2025-04-02 16:33
VLAI
Summary
A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Enterprise Chat and Email Affected: 11.5(1)
Affected: 11.6(1)
Affected: 11.6(1)_ES2
Affected: 11.6(1)_ES3
Affected: 11.6(1)_ES4
Affected: 11.6(1)_ES5
Affected: 11.6(1)_ES6
Affected: 11.6(1)_ES10
Affected: 11.6(1)_ES11
Affected: 11.6(1)_ES7
Affected: 11.6(1)_ES8
Affected: 11.6(1)_ES9
Affected: 11.6(1)_ES9a
Affected: 11.6(1)_ES12
Affected: 11.6(1)_ES12_ET1
Affected: 12.0(1)
Affected: 12.0(1)_ES1
Affected: 12.0(1)_ES2
Affected: 12.0(1)_ES3
Affected: 12.0(1)_ES4
Affected: 12.0(1)_ES5
Affected: 12.0(1)_ES5a
Affected: 12.0(1)_ES6
Affected: 12.0(1)_ES6_ET1
Affected: 12.0(1)_ES6_ET2
Affected: 12.0(1)_ES6_ET3
Affected: 12.0(1)_ES7
Affected: 12.0(1)_ES7_ET1
Affected: 12.5(1)
Affected: 12.5(1)_ES1
Affected: 12.5(1)_ES2
Affected: 12.5(1)_ES3
Affected: 12.5(1)_ES3_ET1
Affected: 12.5(1)_ET1
Affected: 12.5(1)_ES4
Affected: 12.5(1)_ES3_ET2
Affected: 12.5(1)_ES4_ET1
Affected: 12.5(1)_ES5
Affected: 12.5(1)_ES5_ET1
Affected: 12.5(1)_ES6
Affected: 12.5(1)_ES7
Affected: 12.5(1)_ES8
Affected: 12.5(1)_ES8_ET1
Affected: 12.5(1)_ES3_ET3
Affected: 12.5(1)_ES5_ET2
Affected: 12.5(1)_ES6_ET1
Affected: 12.5(1)_ES4_ET2
Affected: 12.5(1)_ES7_ET1
Affected: 12.5(1)_ES9
Affected: 12.6(1)
Affected: 12.6(1)_ET1
Affected: 12.6(1)_ET2
Affected: 12.6(1)_ES1
Affected: 12.6(1)_ET3
Affected: 12.6(1)_ES1_ET1
Affected: 12.6(1)_ES2
Affected: 12.6(1)_ES3
Affected: 12.6(1)_ES4
Affected: 12.6(1)_ES4_ET1
Affected: 12.6(1)_ES5
Affected: 12.6(1)_ES5_ET1
Affected: 12.6(1)_ES5_ET2
Affected: 12.6(1)_ES6
Affected: 12.6(1)_ES6_ET1
Affected: 12.6(1)_ES6_ET2
Affected: 12.6(1)_ES7
Affected: 12.6(1)_ES8
Affected: 12.6(1)_ES4_ET2
Affected: 12.6(1)_ES3_ET3
Affected: 12.6(1)_ES2_ET5
Affected: 12.6(1)_ES1_ET2
Affected: 12.6(1)_ES8_ET1
Affected: 12.6(1)_ES7_ET1
Affected: 12.6(1)_ES6_ET3
Affected: 12.6(1)_ES5_ET3
Affected: 12.6(1)_ES8_ET2
Affected: 12.6(1)_ES9
Affected: 12.6(1)_ES9_ET1
Affected: 12.6(1)_ES9_ET2
Affected: 12.6(1)_ES9_ET3
Affected: 12.6_ES2_ET1
Affected: 12.6_ES2_ET2
Affected: 12.6_ES2_ET3
Affected: 12.6_ES2_ET4
Affected: 12.6_ES3_ET1
Affected: 12.6_ES3_ET2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20139",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T16:33:38.164036Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-02T16:33:45.699Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Enterprise Chat and Email",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES4"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES5"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES6"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES10"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES11"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES8"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES9"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES9a"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES12"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES12_ET1"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES1"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES3"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES5a"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6_ET1"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6_ET2"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6_ET3"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES4_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES8"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES8_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES6_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES4_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES9"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES3_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES2_ET5"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES9"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES9_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES9_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES9_ET3"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET1"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET2"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET3"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET4"
            },
            {
              "status": "affected",
              "version": "12.6_ES3_ET1"
            },
            {
              "status": "affected",
              "version": "12.6_ES3_ET2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "Incorrect Regular Expression",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-02T16:16:17.546Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ece-dos-tC6m9GZ8",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ece-dos-tC6m9GZ8",
        "defects": [
          "CSCwm08282"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20139",
    "datePublished": "2025-04-02T16:16:17.546Z",
    "dateReserved": "2024-10-10T19:15:13.213Z",
    "dateUpdated": "2025-04-02T16:33:45.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52289 (GCVE-0-2024-52289)

Vulnerability from cvelistv5 – Published: 2024-11-21 17:18 – Updated: 2025-09-23 18:21
VLAI
Title
authentik has an insecure default configuration for OAuth2 Redirect URIs
Summary
authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as an allowed redirect URI, without escaping characters that have a special meaning in RegEx. Similarly, the documentation did not take this into consideration either. Given a provider with the Redirect URIs set to https://foo.example.com, an attacker can register a domain fooaexample.com, and it will correctly pass validation. authentik 2024.8.5 and 2024.10.3 fix this issue. As a workaround, When configuring OAuth2 providers, make sure to escape any wildcard characters that are not intended to function as a wildcard, for example replace `.` with `\.`.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
goauthentik authentik Affected: < 2024.8.5
Affected: >= 2024.10.0-rc1, < 2024.10.3
Create a notification for this product.
goauthentik authentik Affected: 0 , < 2024.8.5 (custom)
Affected: 2024.10.0-rc1 , < 2024.10.3 (custom)
    cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "authentik",
            "vendor": "goauthentik",
            "versions": [
              {
                "lessThan": "2024.8.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.10.3",
                "status": "affected",
                "version": "2024.10.0-rc1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52289",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T20:44:55.487746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T20:50:00.471Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-09-23T18:21:58.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2024-52289-detect-authentik-vulnerability"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2024-52289-mitigate-authentik-vulnerability"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "authentik",
          "vendor": "goauthentik",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2024.8.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2024.10.0-rc1, \u003c 2024.10.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison.\nWhen no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as an allowed redirect URI, without escaping characters that have a special meaning in RegEx. Similarly, the documentation did not take this into consideration either. Given a provider with the Redirect URIs set to https://foo.example.com, an attacker can register a domain fooaexample.com, and it will correctly pass validation. authentik 2024.8.5 and 2024.10.3 fix this issue. As a workaround, When configuring OAuth2 providers, make sure to escape any wildcard characters that are not intended to function as a wildcard, for example replace `.` with `\\.`."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-21T17:18:41.161Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-3q5w-6m3x-64gj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-3q5w-6m3x-64gj"
        },
        {
          "name": "https://github.com/goauthentik/authentik/commit/85bb638243c8d7ea42ddd3b15b3f51a90d2b8c54",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/goauthentik/authentik/commit/85bb638243c8d7ea42ddd3b15b3f51a90d2b8c54"
        }
      ],
      "source": {
        "advisory": "GHSA-3q5w-6m3x-64gj",
        "discovery": "UNKNOWN"
      },
      "title": "authentik has an insecure default configuration for OAuth2 Redirect URIs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52289",
    "datePublished": "2024-11-21T17:18:41.161Z",
    "dateReserved": "2024-11-06T19:00:26.394Z",
    "dateUpdated": "2025-09-23T18:21:58.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6641 (GCVE-0-2024-6641)

Vulnerability from cvelistv5 – Published: 2024-09-18 05:31 – Updated: 2026-04-08 17:02
VLAI
Title
WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration
Summary
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
astrasecuritysuite WP Hardening (discontinued) Affected: 0 , ≤ 1.2.6 (semver)
Create a notification for this product.
getastra wp_hardening Affected: 0 , ≤ 1.2.6 (semver)
    cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:*
Create a notification for this product.
Credits
Felipe Caon
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "wp_hardening",
            "vendor": "getastra",
            "versions": [
              {
                "lessThanOrEqual": "1.2.6",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6641",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T15:01:44.858232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T15:04:25.453Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP Hardening (discontinued)",
          "vendor": "astrasecuritysuite",
          "versions": [
            {
              "lessThanOrEqual": "1.2.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Felipe Caon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the \"Stop User Enumeration\" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185 Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:02:20.677Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3151308/wp-security-hardening"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-10T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-09-17T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP Hardening \u2013 Fix Your WordPress Security \u003c= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-6641",
    "datePublished": "2024-09-18T05:31:13.844Z",
    "dateReserved": "2024-07-10T00:52:55.526Z",
    "dateUpdated": "2026-04-08T17:02:20.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-2223 (GCVE-0-2024-2223)

Vulnerability from cvelistv5 – Published: 2024-04-09 13:01 – Updated: 2024-08-12 17:59
VLAI
Title
Incorrect Regular Expression in GravityZone Update Server (VA-11465)
Summary
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:  Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for  Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
Bitdefender GravityZone Control Center (On Premises) Affected: 6.36.1
Create a notification for this product.
Bitdefender Endpoint Security for Windows Affected: 7.9.9.380
Create a notification for this product.
Bitdefender Endpoint Security for Linux Affected: 7.0.5.200089
Create a notification for this product.
bitdefender gravityzone Affected: 6.36.1
    cpe:2.3:a:bitdefender:gravityzone:6.36.1:*:*:*:*:*:*:*
Create a notification for this product.
bitdefender endpoint_security_for_windows Affected: 7.9.9.380
    cpe:2.3:a:bitdefender:endpoint_security_for_windows:7.9.9.380:*:*:*:*:*:*:*
Create a notification for this product.
bitdefender endpoint_security_for_linux Affected: 7.0.5.200089
    cpe:2.3:a:bitdefender:endpoint_security_for_linux:7.0.5.200089:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-09 09:00
Credits
Nicolas VERDIER -- n1nj4sec
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:39.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:bitdefender:gravityzone:6.36.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "gravityzone",
            "vendor": "bitdefender",
            "versions": [
              {
                "status": "affected",
                "version": "6.36.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:bitdefender:endpoint_security_for_windows:7.9.9.380:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_security_for_windows",
            "vendor": "bitdefender",
            "versions": [
              {
                "status": "affected",
                "version": "7.9.9.380"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:bitdefender:endpoint_security_for_linux:7.0.5.200089:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_security_for_linux",
            "vendor": "bitdefender",
            "versions": [
              {
                "status": "affected",
                "version": "7.0.5.200089"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2223",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-12T15:13:14.948905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T17:59:36.379Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "GravityZone Control Center (On Premises)",
          "vendor": "Bitdefender",
          "versions": [
            {
              "status": "affected",
              "version": "6.36.1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Endpoint Security for Windows",
          "vendor": "Bitdefender",
          "versions": [
            {
              "status": "affected",
              "version": "7.9.9.380"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Endpoint Security for Linux",
          "vendor": "Bitdefender",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5.200089"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nicolas VERDIER -- n1nj4sec"
        }
      ],
      "datePublic": "2024-04-09T09:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:\u0026nbsp;\u003cbr\u003e\u003cbr\u003eBitdefender Endpoint Security for Linux version 7.0.5.200089\u003cbr\u003eBitdefender Endpoint Security for\u0026nbsp; Windows version 7.9.9.380\u003cbr\u003eGravityZone Control Center (On Premises) version 6.36.1\u003cbr\u003e\u003c/span\u003e"
            }
          ],
          "value": "An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:\u00a0\n\nBitdefender Endpoint Security for Linux version 7.0.5.200089\nBitdefender Endpoint Security for\u00a0 Windows version 7.9.9.380\nGravityZone Control Center (On Premises) version 6.36.1\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-664",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-664: Server Side Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-09T13:01:34.716Z",
        "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "shortName": "Bitdefender"
      },
      "references": [
        {
          "url": "https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An automatic update to the following versions fixes the issues:\u003cbr\u003e\u003cbr\u003eBitdefender Endpoint Security for Linux version 7.0.5.200090\u003cbr\u003eBitdefender Endpoint Security for  Windows version 7.9.9.381\u003cbr\u003eGravityZone Control Center (On Premises) version 6.36.1-1\u003cbr\u003e"
            }
          ],
          "value": "An automatic update to the following versions fixes the issues:\n\nBitdefender Endpoint Security for Linux version 7.0.5.200090\nBitdefender Endpoint Security for  Windows version 7.9.9.381\nGravityZone Control Center (On Premises) version 6.36.1-1\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": " Incorrect Regular Expression in GravityZone Update Server (VA-11465)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
    "assignerShortName": "Bitdefender",
    "cveId": "CVE-2024-2223",
    "datePublished": "2024-04-09T13:01:34.716Z",
    "dateReserved": "2024-03-06T14:44:01.368Z",
    "dateUpdated": "2024-08-12T17:59:36.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36093 (GCVE-0-2021-36093)

Vulnerability from cvelistv5 – Published: 2021-09-06 13:15 – Updated: 2024-09-16 20:36
VLAI
Title
DoS attack using PostMaster filters
Summary
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
References
Impacted products
Vendor Product Version
OTRS AG ((OTRS)) Community Edition Affected: 6.0.1 , < 6.0.x* (custom)
Create a notification for this product.
OTRS AG OTRS Affected: 7.0.x , ≤ 7.0.28 (custom)
Affected: 8.0.x , ≤ 8.0.15 (custom)
Create a notification for this product.
Date Public
2021-09-06 00:00
Credits
Alberto Molina
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "((OTRS)) Community Edition",
          "vendor": "OTRS AG",
          "versions": [
            {
              "lessThan": "6.0.x*",
              "status": "affected",
              "version": "6.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "OTRS",
          "vendor": "OTRS AG",
          "versions": [
            {
              "lessThanOrEqual": "7.0.28",
              "status": "affected",
              "version": "7.0.x",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.15",
              "status": "affected",
              "version": "8.0.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alberto Molina"
        }
      ],
      "datePublic": "2021-09-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "It\u0027s possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185 Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-06T13:15:23.000Z",
        "orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
        "shortName": "OTRS"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to OTRS 8.0.16, OTRS 7.0.29."
        }
      ],
      "source": {
        "advisory": "OSA-2021-16",
        "defect": [
          "2021070842000819"
        ],
        "discovery": "USER"
      },
      "title": "DoS attack using PostMaster filters",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@otrs.com",
          "DATE_PUBLIC": "2021-09-06T00:00:00.000Z",
          "ID": "CVE-2021-36093",
          "STATE": "PUBLIC",
          "TITLE": "DoS attack using PostMaster filters"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "((OTRS)) Community Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "6.0.x",
                            "version_value": "6.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OTRS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "7.0.x",
                            "version_value": "7.0.28"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "8.0.x",
                            "version_value": "8.0.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OTRS AG"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Alberto Molina"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It\u0027s possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-185 Incorrect Regular Expression"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/",
              "refsource": "CONFIRM",
              "url": "https://otrs.com/release-notes/otrs-security-advisory-2021-16/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to OTRS 8.0.16, OTRS 7.0.29."
          }
        ],
        "source": {
          "advisory": "OSA-2021-16",
          "defect": [
            "2021070842000819"
          ],
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
    "assignerShortName": "OTRS",
    "cveId": "CVE-2021-36093",
    "datePublished": "2021-09-06T13:15:24.049Z",
    "dateReserved": "2021-07-01T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:36:38.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-45
Implementation

Strategy: Refactoring

Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-6: Argument Injection

An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.

CAPEC-79: Using Slashes in Alternate Encoding

This attack targets the encoding of the Slash characters. An adversary would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the adversary many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.