Home > Vulnerability Database > CVE-2024-41655

Mend.io Vulnerability Database

CVE-2024-41655

Good to know:

Date: July 23, 2024

TF2 Item Format helps users format TF2 items to the community standards. Versions of "tf2-item-format" since at least "4.2.6" and prior to "5.9.14" are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses any "tf2-item-format" to parse user input. Version "5.9.14" contains a fix for the issue.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (6)

Url: https://github.com/danocmx/node-tf2-item-format

Url: https://github.com/danocmx/node-tf2-item-format/commit/5cffcc16a9261d6a937bda72bfe6830e02e31eec

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41655

Url: https://github.com/danocmx/node-tf2-item-format/releases/tag/v5.9.14

Url: https://github.com/danocmx/node-tf2-item-format/security/advisories/GHSA-8h55-q5qq-p685

Url: https://www.mend.io/vulnerability-database/CVE-2024-41655

Severity Score

7.5

Weakness Type (CWE)

Executable Regular Expression Error

CWE-624

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version tf2-item-format - 5.9.14

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41655

Good to know:

Date: July 23, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?