insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
References
Link | Resource |
---|---|
https://github.com/bevacqua/insane/issues/19 | Issue Tracking Third Party Advisory |
https://securitylab.github.com/advisories/GHSL-2020-289-redos-insane/ | Exploit Third Party Advisory |
Configurations
History
13 Nov 2024, 19:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:bevacqua:insane:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://github.com/bevacqua/insane/issues/19 - Issue Tracking, Third Party Advisory | |
References | () https://securitylab.github.com/advisories/GHSL-2020-289-redos-insane/ - Exploit, Third Party Advisory | |
First Time |
Bevacqua insane
Bevacqua |
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
26 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-26 21:15
Updated : 2024-11-13 19:55
NVD link : CVE-2020-26303
Mitre link : CVE-2020-26303
CVE.ORG link : CVE-2020-26303
JSON object : View
Products Affected
bevacqua
- insane
CWE
CWE-1333
Inefficient Regular Expression Complexity