PrestaShop validators/base.js Regex DOS Vulnerability (CVE-2018-25074)
CVE-2018-25074 Published on January 11, 2023
Prestaul skeemas base.js redos
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003.
Timeline
Advisory disclosed
CVE reserved
VulDB entry created
VulDB entry last update 21 days later.
Weakness Type
What is a ReDoS Vulnerability?
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. Some regular expression engines have a feature called "backtracking". If the token cannot match, the engine "backtracks" to a position that may result in a different token that can match. Backtracking becomes a weakness if all of these conditions are met:
CVE-2018-25074 has been classified to as a ReDoS vulnerability or weakness.
Products Associated with CVE-2018-25074
stack.watch emails you whenever new vulnerabilities are published in Skeemasproject Skeemas or PrestaShop. Just hit a watch button to start following.
Affected Versions
Prestaul skeemas Version n/a is affected by CVE-2018-25074Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.