How severe is CVE-2023-33289?

CVE-2023-33289 has a CVSS v3 score of 7.5 (HIGH).

CVE-2023-33289

Name: urlnorm
Author: urlnorm_project

7.5HIGH

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of U

Published: 6/21/2023Updated: 3/8/2025

Description

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."

AI AnalysisPowered by AI

Affected Products

urlnorm_projecturlnorm

References

https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611
ExploitThird Party Advisory
https://github.com/progscrape/urlnorm
Product
https://lib.rs/crates/urlnorm
Product
https://news.ycombinator.com/item?id=40435263
https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611
ExploitThird Party Advisory
https://github.com/progscrape/urlnorm
Product
https://lib.rs/crates/urlnorm
Product