GHSA-9pq7-rcxv-47vq

Source

https://github.com/advisories/GHSA-9pq7-rcxv-47vq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-9pq7-rcxv-47vq/GHSA-9pq7-rcxv-47vq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9pq7-rcxv-47vq

Aliases

CVE-2021-27293

Published

2021-07-14T19:10:01Z

Modified

2024-02-17T05:37:00.550018Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Incorrect Regular Expression in RestSharp

Details

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

Database specific

{
    "nvd_published_at": "2021-07-12T11:15:00Z",
    "cwe_ids": [
        "CWE-185",
        "CWE-697"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-13T21:24:43Z"
}

References

Affected packages

NuGet / RestSharp

Package

Name: RestSharp; View open source insights on deps.dev
Purl: pkg:nuget/RestSharp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

106.11.8-alpha.0.13

Affected versions

1.*

1.0.0

100.*

100.3.0

101.*

101.0.0

101.1.0

101.2.0

101.3.0

102.*

102.0.0

102.1.0

102.2.0

102.3.0

102.4.0

102.5.0

102.6.0

102.7.0

103.*

103.0.0-nojsondotnet

103.0.0

103.1.0-beta

103.1.0

103.2.0

103.3.0

103.4.0

104.*

104.0.0

104.1.0

104.2.0-beta

104.2.0

104.3.0-beta

104.3.1-beta

104.3.3-beta

104.3.3

104.4.0-beta

104.4.0-rc1

104.4.0

104.5.0-beta

104.5.0

105.*

105.0.0

105.0.1

105.1.0

105.2.0

105.2.1

105.2.2

105.2.3

106.*

106.0.0-alpha0277

106.0.0-alpha0281

106.0.0-alpha0282

106.0.0-alpha0283

106.0.0-alpha0284

106.0.0

106.0.1

106.1.0-alpha0038

106.1.0

106.2.0-alpha0025

106.2.0-alpha0032

106.2.0-alpha0060

106.2.0

106.2.1

106.2.2

106.3.0-alpha0002

106.3.0-alpha0016

106.3.0-alpha0018

106.3.0-alpha0025

106.3.0

106.3.1

106.4.0

106.4.1

106.4.2

106.5.0

106.5.1

106.5.2

106.5.3

106.5.4

106.6.0

106.6.1

106.6.2

106.6.3

106.6.4

106.6.5

106.6.6

106.6.7

106.6.8

106.6.9

106.6.10

106.8.0

106.9.0

106.10.0

106.10.1

106.11.0

106.11.1

106.11.2

106.11.3

106.11.4

106.11.5

106.11.6

106.11.7

Database specific

{
    "last_known_affected_version_range": "<= 106.11.7"
}