CVE-2021-27293

moderate-risk
Published 2021-07-12

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.

Do I need to act?

-
0.44% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (9)

Restsharp
Restsharp
Restsharp
Restsharp
Restsharp
Restsharp
Restsharp
Restsharp
Restsharp

Affected Vendors

Restsharp

References (4)

Exploit https://github.com/restsharp/RestSharp/issues/1556
Product https://restsharp.dev/
Exploit https://github.com/restsharp/RestSharp/issues/1556
Product https://restsharp.dev/
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 15/34 · Moderate