Home > Vulnerability Database > CVE-2024-52798

Mend.io Vulnerability Database

CVE-2024-52798

Good to know:

Date: December 5, 2024

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.

Language: JS

Severity Score

7.5

Related Resources (8)

Url: https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4

Url: https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w

Url: https://github.com/pillarjs/path-to-regexp

Url: https://security.netapp.com/advisory/ntap-20250124-0002/

Url: https://security.netapp.com/advisory/ntap-20250124-0002

Url: https://blakeembrey.com/posts/2024-09-web-redos

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52798

Url: https://www.mend.io/vulnerability-database/CVE-2024-52798

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version path-to-regexp - 0.1.12

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52798

Good to know:

Date: December 5, 2024

Language: JS

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?