CVE-2021-38244
HIGH
cbioportal < 3.6.21 - Regular Expression Denial of Service via ProteinArraySignificanceTest Endpoint
Title source: llm
Description
A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json.
References (2)
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/cBioPortal/cbioportal/issues/8680
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/cBioPortal/cbioportal/pull/8751
Scores
CVSS v3
7.5
EPSS
0.0118
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (1)
cbioportal_project/cbioportal
< 3.6.21
Published
Dec 16, 2021
Tracked Since
Feb 18, 2026