VYPR
High severity · OSV Advisory · Published Dec 5, 2024 · Updated Apr 15, 2026

CVE-2024-52798

Description

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| path-to-regexp (npm) | < 0.1.12 | 0.1.12 |

Affected products: 66
