Vulnerabilities > CVE-2023-33290 - Unspecified vulnerability in Git-Url-Parse Project Git-Url-Parse

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

git-url-parse-project

NVD

Published: 2023-06-12

Updated: 2023-06-21

Summary

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).

Vulnerable Configurations

Part	Description	Count
Application	Git-Url-Parse_Project GIT URL Parse Project GIT URL Parse 0.0.1 GIT URL Parse Project GIT URL Parse 0.1.0 GIT URL Parse Project GIT URL Parse 0.2.0 GIT URL Parse Project GIT URL Parse 0.3.0 GIT URL Parse Project GIT URL Parse 0.3.1 GIT URL Parse Project GIT URL Parse 0.4.0 GIT URL Parse Project GIT URL Parse 0.4.1 GIT URL Parse Project GIT URL Parse 0.4.2 GIT URL Parse Project GIT URL Parse 0.4.3 GIT URL Parse Project GIT URL Parse 0.4.4	10

Summary

Vulnerable Configurations

References