GHSA-9m49-p2j3-c6xm

Source
https://github.com/advisories/GHSA-9m49-p2j3-c6xm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-9m49-p2j3-c6xm/GHSA-9m49-p2j3-c6xm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9m49-p2j3-c6xm
Aliases
Published
2025-10-16T09:30:25Z
Modified
2025-11-05T20:49:23Z
Severity
  • 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
Summary
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
Details

*** UNSUPPORTED WHEN ASSIGNED *** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.

This issue affects Apache Traffic Control: all versions.

People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.

As this project is retired, no release that fixes this issue is planned. Users are advised to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Database specific
{
    "github_reviewed": true,
    "severity": "LOW",
    "github_reviewed_at": "2025-10-16T21:14:47Z",
    "nvd_published_at": "2025-10-16T09:15:35Z",
    "cwe_ids": [
        "CWE-1333"
    ]
}
References

Affected packages

Go / github.com/apache/trafficcontrol/v8

Package

Name
github.com/apache/trafficcontrol/v8
Purl
pkg:golang/github.com/apache/trafficcontrol/v8

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
8.0.2

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-9m49-p2j3-c6xm/GHSA-9m49-p2j3-c6xm.json"