Vulnerability in Pillarjs Path-to-regexp

CVE-2024-52798

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can…

Vulnerability class: ReDoS (Regular Expression Denial of Service)

EPSS: 0.008 (51.7th percentile)

Frequently asked questions

What is CVE-2024-52798?
CVE-2024-52798 is a vulnerability in Pillarjs Path-to-regexp, classified under Inefficient Regular Expression Complexity. Published 2024-12-05.
Is CVE-2024-52798 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.