Approved changes feed: RSS · Atom

cpe:2.3:a:octokit:request-error.js:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorOctokit (3a03ff1a-b812-5814-9e78-bc649ef0d1c5)
ProductRequest Error.Js (e9eecc16-3e08-5980-ad80-0038786123b2)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-25289 vulnerable 2026-06-08 07:12:51.107509 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
MEDIUM (5.3)
@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processing, leading to excessive resource consumption. This can significantly degrade server performance or cause a denial-of-service (DoS) condition, impacting availability. Version 6.1.7 contains a fix for the issue.
Published: 2025-02-14T19:35:19.998Z
Updated: 2025-02-14T20:08:32.674Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.