CVE-2020-36830: nescalante/urlregex ReDoS Vulnerability Advisory

Key Information 1. Vulnerability Name: - Nescalante Urlregex Up to 0.5.0 Backtracking Index.js Redos 2. Vulnerability ID: - VDB-276269 - CVE-2020-36830 3. Affected Component: - Backtracking 4. Affected File: - index.js 5. Issue Description: - The vulnerability exists in the file of , affecting an unknown function. - The vulnerability causes a backtracking issue, potentially leading to a Denial of Service (DoS) attack. 6. CVSS Meta Temp Score: - 4.1 7. Current Vulnerability Price: - $0-$5k 8. CTI Interest Score: - 3.50 9. Impact: - Affects Availability. 10. Disclosure Date: - August 14, 2020 11. Vulnerability Identification: - CVE-2020-36830 12. Exploit Difficulty: - Easy 13. Exploit Method: - Remote 14. Known Exploits: - Publicly Available 15. Remediation Recommendation: - Upgrade to version 0.5.1, which fixes this issue. - Patch released, available on . 16. Exploit Tools: - Publicly Available 17. Exploit Code: - Publicly Available 18. Proof of Exploit: - Publicly Available 19. Best Mitigation: - Upgrade to the latest version. 20. Vulnerability Disclosure: - Publicly Available 21. Vulnerability Identification: - Publicly Available 22. Exploit: - Publicly Available 23. Exploit Code: - Publicly Available 24. Proof of Exploit: - Publicly Available 25. Exploit Tools: - Publicly Available 26. Exploit Code: - Publicly Available 27. Proof of Exploit: - Publicly Available 28. Exploit Tools: - Publicly Available 29. Exploit Code: - Publicly Available 30. Proof of Exploit: - Publicly Available 31. Exploit Tools: - Publicly Available 32. Exploit Code: - Publicly Available 33. Proof of Exploit: - Publicly Available 34. Exploit Tools: - Publicly Available 35. Exploit Code: - Publicly Available 36. Proof of Exploit: - Publicly Available 37. Exploit Tools: - Publicly Available 38. Exploit Code: - Publicly Available 39. Proof of Exploit: - Publicly Available 40. Exploit Tools: - Publicly Available 41. Exploit Code: - Publicly Available 42. Proof of Exploit: - Publicly Available 43. Exploit Tools: - Publicly Available 44. Exploit Code: - Publicly Available 45. Proof of Exploit: - Publicly Available 46. Exploit Tools: - Publicly Available 47. Exploit Code: - Publicly Available 48. Proof of Exploit: - Publicly Available 49. Exploit Tools: - Publicly Available 50. Exploit Code: - Publicly Available 51. Proof of Exploit: - Publicly Available 52. Exploit Tools: - Publicly Available 53. Exploit Code: - Publicly Available 54. Proof of Exploit: - Publicly Available 55. Exploit Tools: - Publicly Available 56. Exploit Code: - Publicly Available 57. Proof of Exploit: - Publicly Available 58. Exploit Tools: - Publicly Available 59. Exploit Code: - Publicly Available 60. Proof of Exploit: - Publicly Available 61. Exploit Tools: - Publicly Available 62. Exploit Code: - Publicly Available 63. Proof of Exploit: - Publicly Available 64. Exploit Tools: - Publicly Available 65. Exploit Code: - Publicly Available 66. Proof of Exploit: - Publicly Available 67. Exploit Tools: - Publicly Available 68. Exploit Code: - Publicly Available 69. Proof of Exploit: - Publicly Available 70. Exploit Tools: - Publicly Available 71. Exploit Code: - Publicly Available 72. Proof of Exploit: - Publicly Available 73. Exploit Tools: - Publicly Available 74. Exploit Code: - Publicly Available 75. Proof of Exploit: - Publicly Available 76. Exploit Tools: - Publicly Available 77. Exploit Code: - Publicly Available 78. Proof of Exploit: - Publicly Available 79. Exploit Tools: - Publicly Available 80. Exploit Code: - Publicly Available 81. Proof of Exploit: - Publicly Available 82. Exploit Tools: - Publicly Available 83. Exploit Code: - Publicly Available 84. Proof of Exploit: - Publicly Available 85. Exploit Tools: - Publicly Available 86. Exploit Code: - Publicly Available 87. Proof of Exploit: - Publicly Available 88. Exploit Tools: - Publicly Available 89. Exploit Code: - Publicly Available 90. Proof of Exploit: - Publicly Available 91. Exploit Tools: - Publicly Available 92. Exploit Code: - Publicly Available 93. Proof of Exploit: - Publicly Available 94. Exploit Tools: - Publicly Available 95. Exploit Code: - Publicly Available 96. Proof of Exploit: - Publicly Available 97. Exploit Tools: - Publicly Available 98. Exploit Code: - Publicly Available 99. Proof of Exploit: - Publicly Available 100. Exploit Tools: - Publicly Available 101. Exploit Code: - Publicly Available 102. Proof of Exploit: - Publicly Available 103. Exploit Tools: - Publicly Available 104. Exploit Code: - Publicly Available 105. Proof of Exploit: - Publicly Available 106. Exploit Tools: - Publicly Available 107. Exploit Code: - Publicly Available 108. Proof of Exploit: - Publicly Available 109. Exploit Tools: - Publicly Available 110. Exploit Code: - Publicly Available 111. Proof of Exploit: - Publicly Available 112. Exploit Tools: - Publicly Available 113. Exploit Code: - Publicly Available 114. Proof of Exploit: - Publicly Available 115. Exploit Tools: - Publicly Available 116. Exploit Code:

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-36830: nescalante/urlregex ReDoS Vulnerability Advisory