How severe is CVE-2017-20162?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2017-20162?

This is classified as CWE-1333, which is a common weakness in software security.

CVE-2017-20162 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.

Related Vulnerabilities

CVE-2021-23362

MEDIUM

CVSS:5.3(Medium)

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular e...

CWE-13332021

CVE-2021-23364

MEDIUM

CVSS:5.3(Medium)

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

CWE-13332021

CVE-2021-3765

MEDIUM

CVSS:5.3(Medium)

validator.js is vulnerable to Inefficient Regular Expression Complexity

CWE-13332021

CVE-2021-3820

MEDIUM

CVSS:5.3(Medium)

inflect is vulnerable to Inefficient Regular Expression Complexity

CWE-13332021

CVE-2021-3822

MEDIUM

CVSS:5.3(Medium)

jsoneditor is vulnerable to Inefficient Regular Expression Complexity

CWE-13332021

CVE-2022-1954

MEDIUM

CVSS:5.3(Medium)

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a Git...

CWE-13332022