Description
A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability.
References (5)
Core 5
Core References
Permissions Required, Third Party Advisory vdb-entry
https://vuldb.com/?id.220058
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.220058
Issue Tracking, Patch issue-tracking
https://github.com/segmentio/is-url/pull/18
Release Notes patch
https://github.com/segmentio/is-url/releases/tag/v1.2.3
Scores
CVSS v3
4.3
EPSS
0.0050
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-1333
Status
published
Products (2)
npm/is-url
0 - 1.2.3npm
segment/is-url
< 1.2.2
Published
Feb 04, 2023
Tracked Since
Feb 18, 2026