CVE-2020-26303

insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
References
Link Resource
https://github.com/bevacqua/insane/issues/19 Issue Tracking Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2020-289-redos-insane/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bevacqua:insane:*:*:*:*:*:*:*:*

History

13 Nov 2024, 19:55

Type Values Removed Values Added
CPE cpe:2.3:a:bevacqua:insane:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://github.com/bevacqua/insane/issues/19 - () https://github.com/bevacqua/insane/issues/19 - Issue Tracking, Third Party Advisory
References () https://securitylab.github.com/advisories/GHSL-2020-289-redos-insane/ - () https://securitylab.github.com/advisories/GHSL-2020-289-redos-insane/ - Exploit, Third Party Advisory
First Time Bevacqua insane
Bevacqua

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) insane es un sanitizador HTML orientado a listas blancas. Las versiones 2.6.2 y anteriores contienen una o más expresiones regulares que son vulnerables a la denegación de servicio de expresiones regulares (ReDoS). Al momento de la publicación, no se conocen parches disponibles.

26 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-26 21:15

Updated : 2024-11-13 19:55


NVD link : CVE-2020-26303

Mitre link : CVE-2020-26303

CVE.ORG link : CVE-2020-26303


JSON object : View

Products Affected

bevacqua

  • insane
CWE
CWE-1333

Inefficient Regular Expression Complexity