CVE-2019-0820 – system.text.regularexpressions

Package

Manager: nuget
Name: system.text.regularexpressions
Vulnerable Version: >=4.3.0 <4.3.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02248 pctl0.83945

Details

Regular Expression Denial of Service in System.Text.RegularExpressions A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

Metadata

Created: 2021-08-04T21:03:46Z
Modified: 2023-02-21T18:57:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-cmhx-cq75-c4mj/GHSA-cmhx-cq75-c4mj.json
CWE IDs: ["CWE-1333", "CWE-400"]
Alternative ID: GHSA-cmhx-cq75-c4mj
Finding: F211
Auto approve: 1