CVE-2023-25166

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hapi:formula:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 07:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 5.5
References () https://github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3fe - Patch () https://github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3fe - Patch
References () https://github.com/hapijs/formula/security/advisories/GHSA-c2jc-4fpr-4vhg - Vendor Advisory () https://github.com/hapijs/formula/security/advisories/GHSA-c2jc-4fpr-4vhg - Vendor Advisory

Information

Published : 2023-02-08 20:15

Updated : 2024-11-21 07:49


NVD link : CVE-2023-25166

Mitre link : CVE-2023-25166

CVE.ORG link : CVE-2023-25166


JSON object : View

Products Affected

hapi

  • formula
CWE
CWE-1333

Inefficient Regular Expression Complexity