CVE-2023-26103

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-26103

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26103.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-26103

Aliases

GHSA-jc97-h3h9-7xh6

Published

2023-02-25T05:15:12Z

Modified

2024-05-14T12:46:43.494161Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server.

References

Affected packages

Git / github.com/denoland/deno

Affected ranges

Type: GIT
Repo: https://github.com/denoland/deno
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cf06a7c7e672880e1b38598fe445e2c50b4a9d06

Affected versions

std/0.*

std/0.34.0

std/0.35.0

std/0.36.0

std/0.37.0

std/0.38.0

std/0.39.0

std/0.40.0

std/0.41.0

std/0.42.0

std/0.50.0

std/0.51.0

std/0.52.0

std/0.53.0

std/0.54.0

std/0.55.0

std/0.56.0

std/0.57.0

std/0.58.0

std/0.59.0

std/0.60.0

std/0.61.0

std/0.62.0

std/0.63.0

std/0.64.0

std/0.65.0

std/0.66.0

std/0.67.0

std/0.68.0

std/0.69.0

std/0.70.0

std/0.71.0

std/0.72.0

std/0.73.0

std/0.74.0

std/0.75.0

std/0.76.0

std/0.77.0

std/0.78.0

std/0.79.0

std/0.80.0

std/0.81.0

std/0.82.0

std/0.83.0

std/0.84.0

std/0.85.0

v0.*

v0.0.1

v0.0.3

v0.1.0

v0.1.1

v0.1.10

v0.1.11

v0.1.12

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.2.0

v0.2.1

v0.2.10

v0.2.11

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.2.7

v0.2.8

v0.2.9

v0.20.0

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.26.0

v0.27.0

v0.28.0

v0.28.1

v0.29.0

v0.3.0

v0.3.1

v0.3.10

v0.3.11

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.30.0

v0.30.1

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.37.1

v0.38.0

v0.39.0

v0.4.0

v0.40.0

v0.41.0

v0.42.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.10.0

v1.10.1

v1.10.3

v1.11.0

v1.11.1

v1.11.2

v1.12.0

v1.12.1

v1.12.2

v1.13.0

v1.13.1

v1.13.2

v1.14.0

v1.14.1

v1.14.2

v1.15.0

v1.15.1

v1.15.2

v1.15.3

v1.16.0

v1.16.1

v1.16.2

v1.17.0

v1.18.0

v1.19.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.20.0

v1.20.1

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.30.0

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.1

v1.9.2