CVE-2021-27293

{"id": "CVE-2021-27293", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-07-12T11:15:08.100", "references": [{"url": "https://github.com/restsharp/RestSharp/issues/1556", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://restsharp.dev/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/restsharp/RestSharp/issues/1556", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://restsharp.dev/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-697"}]}], "descriptions": [{"lang": "en", "value": "RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service."}, {"lang": "es", "value": "RestSharp versiones anteiores a 106.11.8-alpha.0.13, usa una Expresi\u00f3n Regular que es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) cuando convierte cadenas en DateTimes. Si un servidor responde con una cadena maliciosa, el cliente que use RestSharp se quedar\u00e1 atascado proces\u00e1ndola durante un tiempo excesivo. As\u00ed, el servidor remoto puede desencadenar una Denegaci\u00f3n de Servicio"}], "lastModified": "2024-11-21T05:57:45.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED720ADD-C611-4541-B637-8E43B63AFF95", "versionEndIncluding": "106.11.7"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F1B7ECC-4AAA-4830-A94C-8C4CC1DDF008"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "744F5450-A340-4484-8CC2-483886C0E75B"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81B83013-BACA-463A-B20D-6C22BF27317F"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDB472BE-A8F8-4001-9F88-9F6FF7F26375"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE119EAE-E84F-4134-A432-DB625DE49190"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F7D3C04-6760-4A72-AC13-287E12DE8276"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7134DE4-9E43-43E6-82BF-C0502AA3F30E"}, {"criteria": "cpe:2.3:a:restsharp:restsharp:106.11.8:alpha0.7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC1A2B8-6AA1-4477-80BD-9043D202D5F2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}