CVE-2021-40660 – org.javadelight:delight-nashorn-sandbox
Package
Manager: maven
Name: org.javadelight:delight-nashorn-sandbox
Vulnerable Version: >=0 <0.3.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00266 (percentile 0.49808)
Details
Regular expression denial of service in Delight Nashorn Sandbox
An issue was discovered in Delight Nashorn Sandbox. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack.
Metadata
Created: 2022-06-15T00:00:24Z
Modified: 2022-06-23T21:25:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-38j3-6fm8-pfgc/GHSA-38j3-6fm8-pfgc.json
CWE IDs: ["CWE-1333"]
Alternative ID: GHSA-38j3-6fm8-pfgc
Finding: F211
Auto approve: 1