1029 matches found
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
Regular Expression Denial Of Service (ReDoS)
minimatch is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of multiple consecutive wildcards in glob patterns, leading to exponential backtracking in regex evaluation, which allows an attacker to cause significant performance degradatio...
Regular Expression Denial Of Service (ReDoS)
minimatch is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to nested extglob patterns generating regex with unbounded quantifiers, which allows an attacker to trigger catastrophic backtracking via crafted patterns and inputs, leading to significant performance...
PT-2026-31622
fast-jwt provides fast JSON Web Token JWT implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...
fast-jwt 安全漏洞
fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.2.0 contained security vulnerabilities. These vulnerabilities occurred when the allowedAud verification option used regular expressions, and if the aud declaration controlled by the attacker trigger...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
CVE-2026-35611
A flaw was found in Addressable. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a maliciously crafted Uniform Resource Identifier URI to the URI template implementation. Specifically, certain URI templates using the explode modifier or multiple variables...
EUVD-2026-19788
Addressable has a Regular Expression Denial of Service in Addressable templates...
Addressable has a Regular Expression Denial of Service in Addressable templates
Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...
Linux Distros Unpatched Vulnerability : CVE-2026-35611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI...
Addressable has a Regular Expression Denial of Service in Addressable templates
Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extraHttpHeaders field in the /forms/chromium/screenshot/url endpoint, where user-supplied scope patterns are compiled without a proper timeout. An attacker can cause the...
CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...
DEBIAN-CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...
CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...