GHSA-wqxw-8h5g-hq56

Source

https://github.com/advisories/GHSA-wqxw-8h5g-hq56

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-wqxw-8h5g-hq56/GHSA-wqxw-8h5g-hq56.json

Aliases

• CVE-2023-23925

Published

2023-02-02T01:33:06Z

Modified

2023-11-08T04:11:42.717144Z

Details

Impact

Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS).

Patches

Patched in 3.1.4

Workarounds

Avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations.

References

• https://github.com/switcherapi/switcher-client-master/security/advisories/GHSA-wqxw-8h5g-hq56
• https://nvd.nist.gov/vuln/detail/CVE-2023-23925
• https://github.com/switcherapi/switcher-client-master/commit/374752563d6ce9353ee592b40c809c8136f24930
• https://github.com/switcherapi/switcher-client-master
• https://github.com/switcherapi/switcher-client-master/releases/tag/v3.1.4