Home > Vulnerability Database > CVE-2024-45813

Mend.io Vulnerability Database

CVE-2024-45813

Good to know:

Date: September 18, 2024

find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a "-" at the end, like "/:a-:b-". This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.

Language: JS

Severity Score

5.3

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45813

Url: https://github.com/advisories/GHSA-9wv6-86v2-598j

Url: https://github.com/delvedor/find-my-way/commit/17fae694dcefc056045da201681c1530f0f80518

Url: https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440

Url: https://github.com/delvedor/find-my-way/commit/66fa03923355b8da1db4ba572d66a4fee4a57cf5

Url: https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6

Url: https://blakeembrey.com/posts/2024-09-web-redos

Url: https://github.com/delvedor/find-my-way

Url: https://www.mend.io/vulnerability-database/CVE-2024-45813

Severity Score

5.3

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version find-my-way - 9.0.1;find-my-way - 8.2.2

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45813

Good to know:

Date: September 18, 2024

Language: JS

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?