cve 2024 45296
About this tag
CVE-2024-45296 is a high-severity vulnerability in the path-to-regexp library, a widely used Node.js utility for converting route patterns like /user/:id into regular expressions. Under common route configurations, the library can generate regex patterns that trigger catastrophic backtracking, leading to excessive CPU consumption. This flaw creates a low-complexity Denial-of-Service (DoS) vector, allowing an attacker to freeze Node.js servers by sending specially crafted requests. The vulnerability affects applications relying on path-to-regexp for routing, including many popular frameworks. Discussions on WindowsForum cover the technical details, impact, and mitigation strategies for CVE-2024-45296, emphasizing the need for prompt patching to prevent service disruption.
The path-to-regexp library can, under very common route patterns, generate regular expressions that trigger catastrophic backtracking — a bug tracked as CVE-2024-45296 that can freeze Node.js servers and create an easy, low‑complexity Denial‑of‑Service (DoS) vector against applications that rely...