CVE-2021-29061
HIGH
Vfsjfilechooser2 < 0.2.9 - Resource Allocation Without Limits
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below. It occurs when the application attempts to validate crafted URIs.
References (5)
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/yetingli/SaveResults/blob/main/md/vfsjfilechooser2.md
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/fracpete/vfsjfilechooser2/releases/tag/vfsjfilechooser2-0.2.9
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/fracpete/vfsjfilechooser2/issues/7
Patch, Third Party Advisory x_refsource_misc
https://github.com/fracpete/vfsjfilechooser2/commit/9c9f2c317f3de5ece60a3ae28c371e9796e3909b
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29061/Vfsjfilechooser2.md
Scores
CVSS v3
7.5
EPSS
0.0152
EPSS Percentile
81.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (2)
com.github.fracpete/vfsjfilechooser2
0 - 0.2.9 (Maven)
vfsjfilechooser2_project/vfsjfilechooser2
< 0.2.9
Published
Jun 21, 2021
Tracked Since
Feb 18, 2026