CVE-2024-52798
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-52798
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52798.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-52798
- Aliases
- Downstream
- Related
- Published
- 2024-12-05T22:45:42.774Z
- Modified
- 2025-12-05T07:20:10.152852Z
- Severity
-
- 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
- Details
-
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
- Database specific
{ "cwe_ids": [ "CWE-1333" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52798.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52798.json
- https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4
- https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w
- https://nvd.nist.gov/vuln/detail/CVE-2024-52798
- https://security.netapp.com/advisory/ntap-20250124-0002/