Executive Summary
This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary
Informations
Name
CVE-2023-26112
First vendor Publication
2023-04-03
Vendor
Cve
Last vendor Modification
2023-04-03
Security-Database Scoring CVSS v3
Cvss vector : N/A
Overall CVSS Score
NA
Base Score
NA
Environmental Score
NA
impact SubScore
NA
Temporal Score
NA
Exploitabality Sub Score
NA
Calculate full CVSS 3.0 Vectors scores
Security-Database Scoring CVSS v2
Cvss vector :
Cvss Base Score
N/A
Attack Range
N/A
Cvss Impact Score
N/A
Attack Complexity
N/A
Cvss Expoit Score
N/A
Authentication
N/A
Calculate full CVSS 2.0 Vectors scores
Detail
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26112
Sources (Detail)
Alert History
If you want to see full details history, please login or register. Date
Informations
2023-04-03 13:11:36
Support the originator by clicking the read the rest link below.