{ "schema_version": "1.4.0", "id": "GHSA-3rw8-4xrq-3f7p", "modified": "2025-08-07T14:02:08Z", "published": "2025-03-17T21:30:34Z", "withdrawn": "2025-08-07T14:02:08Z", "aliases": [], "summary": "Duplicate Advisory: Uptime Kuma ReDoS vulnerability", "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hx7h-9vf7-5xhg. This link is maintained to preserve external references.\n\n### Original Description\nUptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H" }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" } ], "affected": [ { "package": { "ecosystem": "npm", "name": "uptime-kuma" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "1.23.0" }, { "last_affected": "2.0.0-dev.0" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26042" }, { "type": "WEB", "url": "https://github.com/louislam/uptime-kuma/issues/5574" }, { "type": "WEB", "url": "https://github.com/louislam/uptime-kuma/pull/5573" }, { "type": "WEB", "url": "https://github.com/louislam/uptime-kuma/commit/7a9191761dbef6551c2a0aa6eed5f693ba48d688" }, { "type": "PACKAGE", "url": "https://github.com/louislam/uptime-kuma" } ], "database_specific": { "cwe_ids": [ "CWE-1333" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-03-17T21:56:00Z", "nvd_published_at": "2025-03-17T19:15:26Z" } }