Unitech pm2 Regular Expression Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Unitech pm2 versions through 6.0.6. The issue arises from an inefficient regular expression in the file '/lib/tools/Config.js', which can be exploited remotely. This vulnerability causes excessive CPU usage, potentially leading to application freezing or a denial-of-service condition.
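To check whether a project pins pm2 inside the range named above, the lockfile can be scanned directly. The following is an added example, not code from pm2 or from this advisory; the function names and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored when comparing versions.

```javascript
// Upper bound taken from the advisory text: "versions through 6.0.6".
const ADVISORY_MAX = [6, 0, 6];

// Parse "major.minor.patch"; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// true = inside the advisory range, false = above it, null = review by hand.
function isAffected(version) {
  const parsed = parseVersion(version);
  if (!parsed) return null;
  for (let i = 0; i < 3; i++) {
    if (parsed[i] !== ADVISORY_MAX[i]) return parsed[i] < ADVISORY_MAX[i];
  }
  return true; // exactly 6.0.6
}

// Walk a parsed package-lock.json and report every pm2 entry, including nested ones.
function findPm2(lock) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, affected: isAffected(version) });
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/pm2$/.test(path)) record(path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'pm2') record(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/pm2': { version: '6.0.6' },
    'node_modules/pm2-axon': { version: '4.0.1' },
    'node_modules/tooling/node_modules/pm2': { version: '5.3.0' },
  },
};
```

Pass the result of `JSON.parse` on a project's `package-lock.json` to `findPm2`; a `false` result only means the version is above the range this advisory names.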

Impact

Exploitation of this vulnerability causes high CPU usage, application freezing, or a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by supplying the pm2 application with a specially crafted input string that reaches the vulnerable regular expression validation in the 'Config.js' file and exploits its inefficient handling.

Added: Jun 9, 2025, 7:21 PM
Updated: Jun 9, 2025, 8:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.