How severe is CVE-2023-33289?

CVE-2023-33289 has a CVSS v3 score of 7.5 (HIGH).

CVE-2023-33289

Name: urlnorm
Author: urlnorm_project

7.5HIGH

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of U

发布于: 6/21/2023更新于: 3/8/2025

描述

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."

AI分析AI驱动

受影响产品

urlnorm_projecturlnorm

参考资料

https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611
ExploitThird Party Advisory
https://github.com/progscrape/urlnorm
Product
https://lib.rs/crates/urlnorm
Product
https://news.ycombinator.com/item?id=40435263
https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611
ExploitThird Party Advisory
https://github.com/progscrape/urlnorm
Product
https://lib.rs/crates/urlnorm
Product