CVE-2024-52798

N/A Unknown

Published: December 05, 2024 Modified: April 15, 2026

Description

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4

Source: security-advisories@github.com

https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w

Source: security-advisories@github.com

https://security.netapp.com/advisory/ntap-20250124-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.2%

44th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-1333

Related CVEs

CVE-2026-40565 6.1

CVE-2026-40498 N/A

CVE-2026-37748 N/A

CVE-2025-41029 N/A

CVE-2025-41011 N/A