{"id":"CVE-2023-38285","details":"Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.","aliases":["BIT-modsecurity-2023-38285","BIT-modsecurity2-2023-38285"],"modified":"2026-03-14T12:08:22.428647Z","published":"2023-07-26T21:15:10.207Z","related":["CGA-76gh-h4h3-h3m6","openSUSE-SU-2023:0257-1","openSUSE-SU-2023:0269-1","openSUSE-SU-2024:13195-1"],"references":[{"type":"WEB","url":"https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/"},{"type":"ADVISORY","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/owasp-modsecurity/modsecurity","events":[{"introduced":"c1cd668acb820824e791ba802396c60900eae9c1"},{"fixed":"ccc2d9b53632fb5088673bbaafedf0d8d4b5f1d8"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.0.10"}]}}],"versions":["v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.8","v3.0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38285.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}