
path-to-regexp outputs backtracking regular expressions

Open sandrobonazzola opened this issue 4 months ago • 0 comments

path-to-regexp used by ovirt-web-ui is affected by CVE-2024-45296: "path-to-regexp outputs backtracking regular expressions".

Dependabot fails to update the dependency with:

Dependabot cannot update path-to-regexp to a non-vulnerable version
The latest possible version that can be installed is 0.1.7 because of the following conflicting dependencies:

[email protected] requires path-to-regexp@^1.7.0
[email protected] requires path-to-regexp@^1.7.0 via a transitive dependency on [email protected]
[email protected] requires [email protected] via a transitive dependency on [email protected]
The earliest fixed version is 0.1.10.

VM Portal version number: 1.9.3

sandrobonazzola, Sep 26 '24 14:09