
94 matches found

Debian CVE
added 2021/03/30 1:52 a.m. | 19 views

CVE-2018-1109

A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks...

5.3 CVSS | 5.4 AI score | 0.00357 EPSS
Exploits 1

CVE
added 2021/03/30 1:52 a.m. | 96 views

CVE-2018-1109

CVE-2018-1109 (Braces) affects the Node.js braces package, with versions 2.2.0 and later, but before 2.3.1, vulnerable to a Regular Expression Denial of Service (ReDoS). The root cause is a crafted regex input that can trigger a sustained RegExp evaluation, leading to measurable latency (IBM note...

5.3 CVSS | 5.1 AI score | 0.00357 EPSS
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2021/03/29 12:0 a.m. | 1 views

npm Braces resource management error vulnerability

npm Braces is a JavaScript implementation of Bash-style brace expansion from npm (USA). A security vulnerability exists in versions of Braces prior to 2.3.1, which an attacker can exploit to mount a regular expression denial of service (ReDoS) attack...

5.3 CVSS | 5.6 AI score | 0.00357 EPSS
Exploits 1 | References 6

Prion
added 2020/06/16 10:15 p.m. | 17 views

Cross site scripting

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.j...

4.3 CVSS | 6.1 AI score | 0.0024 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2019/06/06 3:30 p.m. | 60 views

GHSA-G95F-P29Q-9XW4 Duplicate Advisory: Regular Expression Denial of Service in braces

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. Original Description: Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may...

3.7 CVSS | 5.3 AI score
Exploits 0 | References 3

Github Security Blog
added 2019/06/06 3:30 p.m. | 25 views

Duplicate Advisory: Regular Expression Denial of Service in braces

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. Original Description: Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may...

5.3 AI score
Exploits 0 | References 4 | Affected Software 1

ATTACKERKB
added 2018/12/14 2:29 p.m. | 1 views

CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

8.1 CVSS | 8.9 AI score | 0.05743 EPSS
Exploits 0 | References 15 | Affected Software 1

RedhatCVE
added 2018/04/18 6:48 p.m. | 16 views

CVE-2018-1109

A vulnerability was found in nodejs-braces. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The highest threat from this vulnerability is system availability...

5.3 CVSS | 4.1 AI score | 0.00357 EPSS
Exploits 1 | References 2

ATTACKERKB
added 2017/09/19 6:29 p.m. | 2 views

CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier...

7.5 CVSS | 5.9 AI score | 0.0244 EPSS
Exploits 0 | References 11

hackapp
added 2016/04/01 10:5 a.m. | 15 views

Braces Surgery Simulator - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Braces Surgery Simulator published at the 'play' market has multiple vulnerabilities...

0.7 AI score
Exploits 0 | References 1 | Affected Software 1

myhack58
added 2015/03/15 12:0 a.m. | 42 views

ShopEx: an injection vulnerability fix is not complete - bug warning - the black bar safety net

In the clouds to see this http://wooyun.org/bugs/wooyun-2014-088313 So hand cheap points to open, found that the repair is not complete. It turned out what seemed like protection are not, now parameter to add the double quotes and braces to protect, turned into"xxx"like this, can still be injecte...

7.2 AI score
Exploits 0

Positive Technologies
added 2014/07/26 12:0 a.m. | 2 views

PT-2020-7688

Name of the Vulnerable Software and Affected Versions: Ansible versions prior to 1.6.7. Description: The issue allows remote attackers to execute arbitrary code via crafted lookup('pipe') calls or crafted Jinja2 data, due to the lack of prevention of inventory data with "" and "lookup" substrings, and...

9.8 CVSS | 8.1 AI score | 0.03742 EPSS
Exploits 0 | References 73

FreeBSD
added 2011/04/01 12:0 a.m. | 65 views

pureftpd -- multiple vulnerabilities

Pure-FTPd development team reports: Support for braces expansion in directory listings has been disabled -- Cf. CVE-2011-0418. Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411. If you're using TLS, upgrading is recommended...

6.8 CVSS | 1 AI score | 0.32222 EPSS
Exploits 6

xssed
added 2007/09/18 12:0 a.m. | 14 views

Unfixed XSS vulnerability at www.bracesbakery.co.uk

Security researcher Ragamuffin has submitted on 18/09/2007 a cross-site scripting (XSS) vulnerability affecting www.bracesbakery.co.uk, which at the time of submission ranked 4917445 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 22/09/2007. It...

Exploits 0 | References 1