Vulnerabilities > CVE-2023-23925 - Unspecified vulnerability in Switcherapi Switcher Client

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

switcherapi

NVD

Published: 2023-02-03

Updated: 2024-11-21

Summary

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations.

Vulnerable Configurations

Part	Description	Count
Application	Switcherapi Switcherapi Switcher Client - Switcherapi Switcher Client 1.0.1 Switcherapi Switcher Client 1.0.2 Switcherapi Switcher Client 1.0.3 Switcherapi Switcher Client 1.0.4 Switcherapi Switcher Client 1.0.5 Switcherapi Switcher Client 1.0.6 Switcherapi Switcher Client 1.0.7 Switcherapi Switcher Client 1.0.8 Switcherapi Switcher Client 2.0.0 Switcherapi Switcher Client 2.0.1 Switcherapi Switcher Client 2.0.2 Switcherapi Switcher Client 2.0.3 Switcherapi Switcher Client 2.0.4 Switcherapi Switcher Client 2.0.5 Switcherapi Switcher Client 2.0.6 Switcherapi Switcher Client 2.0.7 Switcherapi Switcher Client 2.0.8 Switcherapi Switcher Client 2.0.9 Switcherapi Switcher Client 2.1.0 Switcherapi Switcher Client 2.1.1 Switcherapi Switcher Client 3.0.0 Switcherapi Switcher Client 3.0.1 Switcherapi Switcher Client 3.1.0 Switcherapi Switcher Client 3.1.1 Switcherapi Switcher Client 3.1.2 Switcherapi Switcher Client 3.1.3	27

Summary

Vulnerable Configurations

References