Switcher Client contains Regular Expression Denial of Service (ReDoS)

Impact

Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS).

Patches

Patched in 3.1.4

Workarounds

Avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations.

References

petruki published to switcherapi/switcher-client-js Feb 2, 2023

Published to the GitHub Advisory Database Feb 2, 2023

Reviewed Feb 2, 2023

Published by the National Vulnerability Database Feb 3, 2023

Last updated Apr 21, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code

Credits