CVE-2024-45813 - Vulnerability Details

- ReDoS vulnerability in multiparametric routes in find-my-way

Description

find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.

Published: 2024-09-18

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

delvedor

find-my-way

affected

Version	Status	Constraints
`< 8.2.2`	affected	—
`= 9.0.0`	affected	—

No data.

Package	CPE	Advisory	Released Date
multicluster engine for Kubernetes 2.6 for RHEL 8
multicluster-engine/assisted-image-service-rhel8:v2.6.4-4	cpe:/a:redhat:multicluster_engine:2.6::el8	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/assisted-installer-agent-rhel8:v2.6.4-7	cpe:/a:redhat:multicluster_engine:2.6::el8	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/assisted-installer-controller-rhel8:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el8	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/assisted-installer-rhel8:v2.6.4-7	cpe:/a:redhat:multicluster_engine:2.6::el8	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/assisted-service-8-rhel8:v2.6.4-11	cpe:/a:redhat:multicluster_engine:2.6::el8	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster engine for Kubernetes 2.6 for RHEL 9
multicluster-engine/addon-manager-rhel9:v2.6.4-14	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/assisted-service-9-rhel9:v2.6.4-11	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/backplane-rhel9-operator:v2.6.4-21	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/cluster-api-provider-agent-rhel9:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/cluster-api-provider-kubevirt-rhel9:v2.6.4-4	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/cluster-api-rhel9:v2.6.4-4	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/clusterclaims-controller-rhel9:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/cluster-curator-controller-rhel9:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/cluster-image-set-controller-rhel9:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/clusterlifecycle-state-metrics-rhel9:v2.6.4-7	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/cluster-proxy-addon-rhel9:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/cluster-proxy-rhel9:v2.6.4-5	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/console-mce-rhel9:v2.6.4-19	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/discovery-rhel9:v2.6.4-14	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/hive-rhel9:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/hypershift-addon-rhel9-operator:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/hypershift-cli-rhel9:v2.6.4-24	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/hypershift-rhel9-operator:v2.6.4-23	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/image-based-install-rhel9:v2.6.4-65	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/kube-rbac-proxy-mce-rhel9:v2.6.4-3	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/managedcluster-import-controller-rhel9:v2.6.4-8	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/managed-serviceaccount-rhel9:v2.6.4-14	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/mce-operator-bundle:v2.6.4-47	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/multicloud-manager-rhel9:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/must-gather-rhel9:v2.6.4-18	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/placement-rhel9:v2.6.4-14	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/provider-credential-controller-rhel9:v2.6.4-6	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/registration-operator-rhel9:v2.6.4-14	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/registration-rhel9:v2.6.4-14	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster-engine/work-rhel9:v2.6.4-14	cpe:/a:redhat:multicluster_engine:2.6::el9	RHSA-2024:11293	2024-12-17T00:00:00Z
multicluster engine for Kubernetes 2.7 for RHEL 8
multicluster-engine/assisted-service-8-rhel8:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el8	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster engine for Kubernetes 2.7 for RHEL 9
multicluster-engine/addon-manager-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/assisted-image-service-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/assisted-installer-agent-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/assisted-installer-controller-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/assisted-installer-rhel9:v2.7.2-2	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/assisted-service-9-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/backplane-rhel9-operator:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/cluster-api-provider-agent-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/cluster-api-provider-kubevirt-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/cluster-api-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/clusterclaims-controller-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/cluster-curator-controller-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/cluster-image-set-controller-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/clusterlifecycle-state-metrics-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/cluster-proxy-addon-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/cluster-proxy-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/console-mce-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/discovery-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/hive-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/hypershift-addon-rhel9-operator:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/hypershift-cli-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/hypershift-rhel9-operator:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/image-based-install-rhel9:v2.7.2-3	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/kube-rbac-proxy-mce-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/managedcluster-import-controller-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/managed-serviceaccount-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/mce-operator-bundle:v2.7.2-3	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/multicloud-manager-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/must-gather-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/placement-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/provider-credential-controller-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/registration-operator-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/registration-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
multicluster-engine/work-rhel9:v2.7.2-1	cpe:/a:redhat:multicluster_engine:2.7::el9	RHSA-2024:10857	2024-12-05T00:00:00Z
Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9
rhacm2/acm-cluster-permission-rhel9:v2.11.4-4	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-governance-policy-addon-controller-rhel9:v2.11.4-12	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-governance-policy-framework-addon-rhel9:v2.11.4-13	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-grafana-rhel9:v2.11.4-4	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-must-gather-rhel9:v2.11.4-12	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-operator-bundle:v2.11.4-47	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-prometheus-config-reloader-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-prometheus-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-search-indexer-rhel9:v2.11.4-10	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-search-v2-api-rhel9:v2.11.4-12	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-search-v2-rhel9:v2.11.4-11	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/acm-volsync-addon-controller-rhel9:v2.11.4-22	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/cert-policy-controller-rhel9:v2.11.4-12	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/cluster-backup-rhel9-operator:v2.11.4-25	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/config-policy-controller-rhel9:v2.11.4-15	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/console-rhel9:v2.11.4-17	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/endpoint-monitoring-rhel9-operator:v2.11.4-6	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/governance-policy-propagator-rhel9:v2.11.4-13	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/grafana-dashboard-loader-rhel9:v2.11.4-6	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/insights-client-rhel9:v2.11.4-10	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/insights-metrics-rhel9:v2.11.4-11	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/klusterlet-addon-controller-rhel9:v2.11.4-6	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/kube-rbac-proxy-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/kube-state-metrics-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/memcached-exporter-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/memcached-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/metrics-collector-rhel9:v2.11.4-6	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/multicloud-integrations-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/multiclusterhub-rhel9:v2.11.4-16	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/multicluster-observability-rhel9-operator:v2.11.4-6	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/multicluster-operators-application-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/multicluster-operators-channel-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/multicluster-operators-subscription-rhel9:v2.11.4-5	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/node-exporter-rhel9:v2.11.4-4	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/observatorium-rhel9:v2.11.4-5	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/observatorium-rhel9-operator:v2.11.4-6	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/prometheus-alertmanager-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/prometheus-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/rbac-query-proxy-rhel9:v2.11.4-6	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/search-collector-rhel9:v2.11.4-10	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/submariner-addon-rhel9:v2.11.4-17	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/thanos-receive-controller-rhel9:v2.11.4-3	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
rhacm2/thanos-rhel9:v2.11.4-5	cpe:/a:redhat:acm:2.11::el9	RHSA-2024:11381	2024-12-18T00:00:00Z
Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9
rhacm2/acm-cli-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-cluster-permission-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-governance-policy-addon-controller-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-governance-policy-framework-addon-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-grafana-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-multicluster-observability-addon-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-must-gather-rhel9:v2.12.1-5	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-operator-bundle:v2.12.1-10	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-prometheus-config-reloader-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-prometheus-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-search-indexer-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-search-v2-api-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-search-v2-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-siteconfig-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/acm-volsync-addon-controller-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/cert-policy-controller-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/cluster-backup-rhel9-operator:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/config-policy-controller-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/console-rhel9:v2.12.1-8	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/endpoint-monitoring-rhel9-operator:v2.12.1-3	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/governance-policy-propagator-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/grafana-dashboard-loader-rhel9:v2.12.1-3	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/insights-client-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/insights-metrics-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/klusterlet-addon-controller-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/kube-rbac-proxy-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/kube-state-metrics-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/memcached-exporter-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/memcached-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/metrics-collector-rhel9:v2.12.1-3	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/multicloud-integrations-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/multiclusterhub-rhel9:v2.12.1-4	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/multicluster-observability-rhel9-operator:v2.12.1-3	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/multicluster-operators-application-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/multicluster-operators-channel-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/multicluster-operators-subscription-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/node-exporter-rhel9:v2.12.1-3	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/observatorium-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/observatorium-rhel9-operator:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/prometheus-alertmanager-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/prometheus-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/rbac-query-proxy-rhel9:v2.12.1-3	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/search-collector-rhel9:v2.12.1-3	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/submariner-addon-rhel9:v2.12.1-5	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/thanos-receive-controller-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
rhacm2/thanos-rhel9:v2.12.1-2	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:10865	2024-12-05T00:00:00Z
Red Hat OpenShift Dev Spaces 3 Containers
devspaces/dashboard-rhel8:3.17-25	cpe:/a:redhat:openshift_devspaces:3::el8	RHSA-2024:10236	2024-11-25T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-2867	find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.
Github GHSA	GHSA-rrr8-f88r-h8q6	find-my-way has a ReDoS vulnerability in multiparametric routes

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00076.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://blakeembrey.com/posts/2024-09-web-redos
https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440
https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6
https://nvd.nist.gov/vuln/detail/CVE-2024-45813
https://www.cve.org/CVERecord?id=CVE-2024-45813

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00071}`	epss `{'score': 0.00083}`

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:acm:2.11::el9

Wed, 18 Dec 2024 02:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:acm:2.11::el9~~

Thu, 19 Dec 2024 02:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:acm:2.11::el9 cpe:/a:redhat:multicluster_engine:2.6::el8 cpe:/a:redhat:multicluster_engine:2.6::el9

Sat, 07 Dec 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat acm Redhat multicluster Engine
CPEs		cpe:/a:redhat:acm:2.12::el9 cpe:/a:redhat:multicluster_engine:2.7::el8 cpe:/a:redhat:multicluster_engine:2.7::el9
Vendors & Products		Redhat acm Redhat multicluster Engine

Wed, 27 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat openshift Devspaces
CPEs		cpe:/a:redhat:openshift_devspaces:3::el8
Vendors & Products		Redhat Redhat openshift Devspaces

Wed, 18 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-45813 https://www.cve.org/CVERecord?id=CVE-2024-45813
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 18 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Sep 2024 17:00:00 +0000

Type	Values Removed	Values Added
Description		find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.
Title		ReDoS vulnerability in multiparametric routes in find-my-way
Weaknesses		CWE-1333
References		https://blakeembrey.com/posts/2024-09-web-redos https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440 https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

Subscriptions

Redhat Acm Multicluster Engine Openshift Devspaces

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-18T16:47:57.138Z

Updated: 2024-09-18T18:07:10.935Z

Reserved: 2024-09-09T14:23:07.505Z

Link: CVE-2024-45813

Vulnrichment

Updated: 2024-09-18T18:07:07.246Z

NVD

Status : Deferred

Published: 2024-09-18T17:15:19.163

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-45813

Redhat

Severity : Moderate

Publid Date: 2024-09-18T17:15:19Z

Links: CVE-2024-45813 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-1333

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object