Find-My-Way Project Find-My-Way vulnerabilities

2 known vulnerabilities affecting find-my-way_project/find-my-way.

Total CVEs

2

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2

Vulnerabilities

Page 1 of 1

CVE-2024-45813HIGHCVSS 7.5≥ 5.5.0, < 8.2.2≥ 9.0.0, < 9.0.12024-09-18

CVE-2024-45813 [HIGH] CWE-1333 find-my-way has a ReDoS vulnerability in multiparametric routes find-my-way has a ReDoS vulnerability in multiparametric routes ### Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. ### Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. ### Workarounds No known workarounds. ### References - [CVE-2024-45296](https://github.com/advisories/GH

CVE-2020-7764HIGHCVSS 7.5fixed in 2.2.5≥ 3.0.0, < 3.0.5+3 more2020-11-08

CVE-2020-7764 [HIGH] CWE-444 CVE-2020-7764: This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accep This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.