Raneto Denial of Service via crafted payload injected into `Search` parameter
- Severity:
- High
Description
An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.
Recommendation
Update the raneto package to the latest compatible version. Followings are version details:
- Affected version(s): <= 0.17.0
- Patched version(s): 0.17.1
References
- GHSA-xxc2-j7jj-6g5m
- cwe.mitre.org
- gainsec.com
- raneto.com
- CVE-2022-35142
- CWE-287
- CAPEC-310
- OWASP 2021-A6
- OWASP 2021-A7
Related Issues
- steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments - CVE-2022-37262
- Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service - CVE-2022-35204
- steal vulnerable to Regular Expression Denial of Service via input variable - CVE-2022-37260
- angular vulnerable to regular expression denial of service via the $resource service - CVE-2023-26117
- Tags:
- npm
- raneto
Anything's wrong? Let us know Last updated on January 31, 2023