CVE-2022-2049

Summary

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server0.9 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.2894affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.6872affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.4953affected

Weaknesses

  • Regex Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References