VulnerableCode Package Details - pkg:deb/debian/node-path-to-regexp@0?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/node-path-to-regexp@0?distro=trixie

purl	pkg:deb/debian/node-path-to-regexp@0?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-2xgj-yjdf-nqeh	path-to-regexp contains a ReDoS ### Impact The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of `path-to-regexp`, originally reported in CVE-2024-45296 ### Patches Upgrade to 0.1.12. ### Workarounds Avoid using two parameters within a single path segment, when the separator is not `.` (e.g. no `/:a-:b`). Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking. ### References - https://github.com/advisories/GHSA-9wv6-86v2-598j - https://blakeembrey.com/posts/2024-09-web-redos/	CVE-2024-52798 GHSA-rhx6-c78j-4q9w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:03:26.024125+00:00	Debian Importer	Fixing	VCID-2xgj-yjdf-nqeh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:58:35.490969+00:00	Debian Importer	Fixing	VCID-2xgj-yjdf-nqeh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:13.528392+00:00	Debian Importer	Fixing	VCID-2xgj-yjdf-nqeh	https://security-tracker.debian.org/tracker/data/json	38.1.0