CVE-2024-54157
Vulnerability Scoring
Attack Complexity Details
- Attack Complexity: Low Impact
- Attack Vector: NETWORK
- Privileges Required: Low Impact
- Scope: UNCHANGED
- User Interaction: NONE
CIA Impact Definition
- Confidentiality:
- Integrity:
- Availability: Low Impact
CVE-2024-54157 Vulnerability Summary
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
Need help fixing CVEs? Check out our Step-by-Step Guide on How to Fix CVEs.
Access Complexity Graph for CVE-2024-54157
Impact Analysis for CVE-2024-54157
CVE-2024-54157: Detailed Information and External References
EPSS
0.00043
EPSS %
0.10932
References
0.00043
CWE
CWE-1333
CAPEC
0.00043
- Regular Expression Exponential Blowup: An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.
CVSS3 Source
cve@jetbrains.com
CVSS3 Type
Secondary
CVSS3 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Protect Your Infrastructure: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.