CVE-2025-25289 | octokit request-error.js up to 6.1.6 Authorization Header redos (GHSA-xx4v-prfh-6cgc)

Inserito da Angelo Barbosa | Feb 15, 2025 | CVE

A vulnerability was found in octokit request-error.js up to 6.1.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Authorization Header Handler. The manipulation leads to inefficient regular expression complexity.

This vulnerability is handled as CVE-2025-25289. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-25289 | octokit request-error.js up to 6.1.6 Authorization Header redos (GHSA-xx4v-prfh-6cgc)

Post correlati

CVE-2023-6520 | WP 2FA Plugin up to 2.5.0 on WordPress cross-site request forgery

CVE-2023-33206 | Diebold Nixdorf Vynamic Security Suite Pre-Boot Authorization improper authorization

CVE-2024-8288 | adreastrian Guten Post Layout Plugin up to 1.2.4 on WordPress Gutenberg Block wp cross site scripting

CVE-2024-49279 | TipTopPress Hyperlink Group Block Plugin up to 1.17.5 on WordPress cross site scripting