QID 996225
Date Published: 2023-12-13
QID 996225: Rust (Rust) Security Update for deno (GHSA-jc97-h3h9-7xh6)
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-jc97-h3h9-7xh6 for updates and patch information.
Vendor References
- GHSA-jc97-h3h9-7xh6 -
github.com/advisories/GHSA-jc97-h3h9-7xh6
CVEs related to QID 996225
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-jc97-h3h9-7xh6 | deno |
|