Search for packages
| purl | pkg:npm/path-to-regexp@0.1.11 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2xgj-yjdf-nqeh
Aliases: CVE-2024-52798 GHSA-rhx6-c78j-4q9w |
path-to-regexp contains a ReDoS ### Impact The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of `path-to-regexp`, originally reported in CVE-2024-45296 ### Patches Upgrade to 0.1.12. ### Workarounds Avoid using two parameters within a single path segment, when the separator is not `.` (e.g. no `/:a-:b`). Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking. ### References - https://github.com/advisories/GHSA-9wv6-86v2-598j - https://blakeembrey.com/posts/2024-09-web-redos/ |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T23:16:24.578587+00:00 | GitLab Importer | Affected by | VCID-2xgj-yjdf-nqeh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/path-to-regexp/CVE-2024-52798.yml | 38.4.0 |
| 2026-04-12T00:35:07.117220+00:00 | GitLab Importer | Affected by | VCID-2xgj-yjdf-nqeh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/path-to-regexp/CVE-2024-52798.yml | 38.3.0 |
| 2026-04-03T00:42:53.713611+00:00 | GitLab Importer | Affected by | VCID-2xgj-yjdf-nqeh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/path-to-regexp/CVE-2024-52798.yml | 38.1.0 |