Vulnerabilities > CVE-2021-32848 - Unspecified vulnerability in Octobox Project Octobox

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

octobox-project

NVD

Published: 2023-02-20

Updated: 2023-03-01

Summary

Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.

Vulnerable Configurations

Part	Description	Count
Application	Octobox_Project Octobox Project Octobox *	1

References

https://github.com/octobox/octobox/blob/372a0da981dbf47319fed4116364118fdf09fcc3/lib/search_parser.rb#L5
https://github.com/octobox/octobox/pull/2807
https://securitylab.github.com/advisories/GHSL-2021-100-octobox-octobox/