Vulnerability Details CVE-2023-33290
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL passed to normalize_url in lib.rs, an issue similar to CVE-2023-32758 (Python).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.2%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2023-33290
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.0.1
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.1.0
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.2.0
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.3.0
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.3.1
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.4.0
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.4.1
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.4.2
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.4.3
- cpe:2.3:a:git-url-parse_project:git-url-parse:0.4.4