94 matches found
CVE-2024-4068 Memory Exhaustion in braces
The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from an escape tool used in XWiki that does not escape , which when used in certain places, allows XWiki syntax injection to...
UBUNTU-CVE-2021-47060
In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed. Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't instantiate a new bus,...
PT-2024-7923
Name of the Vulnerable Software and Affected Versions: braces versions prior to 3.0.3 Description: The issue is related to uncontrolled resource consumption. If a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to allocate heap memory without...
SUSE CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets
A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash when receiving a message with specific invalid type signatures...
boots-and-braces-versand.de Cross Site Scripting vulnerability OBB-3031008
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
expat: Stack exhaustion in doctype parsing
A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service...
PT-2022-23131 · Unknown · Nitrado.Js
Name of the Vulnerable Software and Affected Versions: nitrado.js versions prior to 0.2.5 Description: The issue is related to a possible ReDoS (Regular expression Denial of Service) with lib input of and with many repetitions of |. This can cause a denial of service. There are currently no known...
CVE-2016-4991
Input passed to the Pdf function is shell escaped and passed to child_process.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....
GHSA-CWFW-4GQ5-MRQX Regular Expression Denial of Service (ReDoS) in braces
A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1...
Regular Expression Denial of Service (ReDoS) in braces
A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1...
Npm Braces Resource Management Error Vulnerability
Npm Braces is an application from Npm (USA): a Bash-like brace expansion implemented in JavaScript. A security vulnerability exists in versions of Braces prior to 2.3.1, which can be exploited by an attacker to carry out a regular expression denial of service (ReDoS) attack...
CVE-2018-1109
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks...
UBUNTU-CVE-2018-1109
A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks...
Design/Logic Flaw
A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks...