Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

Published: 15/05/2025 Updated: 16/05/2025

Remote Regular Expression Complexity Vulnerability in Meteor Framework Up to 3.2.1

A vulnerability exists in Meteor up to version 3.2.1 within the Object.assign function in the packages/ddp-server/livedata_server.js file. The issue involves inefficient regular expression complexity when manipulating the forwardedFor argument. This vulnerability can potentially be initiated remotely, with a high attack complexity and difficult exploitation. The vulnerability has been publicly disclosed, and an exploit may be available. Users are strongly recommended to upgrade to Meteor version 3.2.2, which addresses the problem through a patch identified by the commit hash f7ea6817b90952baaea9baace2a3b4366fee6a63.

Vulnerable Product	Search on Vulmon	Subscribe to Product
* meteor

CWE-400 CWE-1333 https://nvd.nist.gov https://www.first.org/epss https://github.com/meteor/meteor/commit/f7ea6817b90952baaea9baace2a3b4366fee6a63 https://github.com/meteor/meteor/issues/13713 https://github.com/meteor/meteor/pull/13721 https://github.com/meteor/meteor/releases/tag/release/METEOR%403.2.2 https://vuldb.com/?ctiid.309029 https://vuldb.com/?id.309029 https://vuldb.com/?submit.570441 https://vuldb.com/?submit.570441

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2025-4727

Vulnerability Summary

References

Vulmon Search

About

Products

Connect