How severe is CVE-2024-28864?

This vulnerability has a severity rating of LOW with a CVSS score of 2.6 out of 10.

What type of vulnerability is CVE-2024-28864?

This is classified as CWE-1333, which is a common weakness in software security.

CVE-2024-28864 - LOW Severity | CVSS 2.6

Vulnerability Description

SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default.

Related Vulnerabilities

CVE-2022-34428

LOW

CVSS:2.7(Low)

Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, ...

CWE-13332022

CVE-2024-9277

MEDIUM

CVSS:3.5(Low)

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of th...

CWE-13332024

CVE-2024-9506

LOW

CVSS:3.7(Low)

Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

CWE-13332024

CVE-2022-2908

MEDIUM

CVSS:4.3(Medium)

A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 all...

CWE-13332022

CVE-2024-6434

MEDIUM

CVSS:4.3(Medium)

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-suppli...

CWE-13332024

CVE-2025-1194

MEDIUM

CVSS:4.3(Medium)

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japane...

CWE-13332025