CVE-2017-20162

Exploit

EPSS 0.04%
Veröffentlicht 05.01.2023 12:15:09
Zuletzt bearbeitet 03.11.2025 22:15:43
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vercel ≫ Ms SwPlatformnode.js Version < 2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

https://github.com/vercel/ms/commit/caae2988ba2a37765d055c4eee63d383320ee662

Patch

https://github.com/vercel/ms/pull/89

Patch

Exploit

Issue Tracking

https://github.com/vercel/ms/releases/tag/2.0.0

Patch

Release Notes

https://vuldb.com/?ctiid.217451

Third Party Advisory

Permissions Required