7.5
CVE-2025-54796
- EPSS 0.38%
- Veröffentlicht 01.08.2025 23:38:27
- Zuletzt bearbeitet 12.09.2025 16:13:54
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginCopyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.297 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1333 Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-833 Deadlock
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6
https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83
https://github.com/9001/copyparty/releases/tag/v1.18.9