CVE-2020-36649 — Regex Denial of Service in Papaparse

CWE-1333 — Regex Denial of Service CWE-185 — Incorrect Regular Expression6 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 37.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Papaparse Debian Mediawiki +1 more

Timeline

PublishedJan 11

Description

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5mholt/papaparse5.0, 5.1+1

▶NVDpapaparse/papaparse5.1.0 — 5.2.0

▶npmpapaparse/papaparse< 5.2.0

▶debiandebian/mediawiki< mediawiki 1:1.39.4-1~deb12u1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.35.11-1~deb11u1+3

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2020-36649: A vulnerability was found in mholt PapaParse up to 5↗2023-01-11

▶

GHSA

Regular Expression Denial of Service in papaparse↗2020-09-04

▶

OSV

Regular Expression Denial of Service in papaparse↗2020-09-04

▶

📋Vendor Advisories

Red Hat

papaparse: RegExp used to detect numbers is vulnerable to ReDoS↗2023-01-11

▶

Debian

CVE-2020-36649: mediawiki - A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified...↗2020

▶