JLSEC-2026-101
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-101.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-101.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2026-101
- Upstream
- Published
- 2026-04-14T13:10:46.494Z
- Modified
- 2026-04-14T13:15:12.000183Z
- Summary
- [none]
- Details
-
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server.
- Database specific
{ "license": "CC-BY-4.0", "sources": [ { "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26103", "modified": "2025-03-11T16:15:14.263Z", "id": "CVE-2023-26103", "published": "2023-02-25T05:15:12.343Z", "imported": "2026-04-14T12:58:54.989Z", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-26103" } ] }- References
-
- https://github.com/denoland/deno/blob/2b247be517d789a37e532849e2e40b724af0918f/ext/http/01_http.js%23L395-L409
- https://github.com/denoland/deno/commit/cf06a7c7e672880e1b38598fe445e2c50b4a9d06
- https://github.com/denoland/deno/pull/17722
- https://github.com/denoland/deno/releases/tag/v1.31.0
- https://security.snyk.io/vuln/SNYK-RUST-DENO-3315970
- https://github.com/denoland/deno/blob/2b247be517d789a37e532849e2e40b724af0918f/ext/http/01_http.js%23L395-L409
- https://github.com/denoland/deno/commit/cf06a7c7e672880e1b38598fe445e2c50b4a9d06
- https://github.com/denoland/deno/pull/17722
- https://github.com/denoland/deno/releases/tag/v1.31.0
- https://security.snyk.io/vuln/SNYK-RUST-DENO-3315970