1031 matches found
CVE-2024-58340 LangChain <= 0.3.1 MRKLOutputParser ReDoS
LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.parse method libs/langchain/langchain/agents/mrkl/outputparser.py. The parser applies a backtracking-prone regular expression when extracting tool actions from...
CVE-2024-58340
LangChain
LangChain 安全漏洞
LangChain is the LangChain open source framework for developing applications powered by the Large Language Model LLM. A security vulnerability exists in LangChain 0.3.1 and earlier versions, which stems from the MRKLOutputParser.parse method using a regular expression that is vulnerable to...
CVE-2019-20871
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking...
CVE-2024-2800
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...
MediaWiki - VisualData Extension 安全漏洞
MediaWiki - VisualData Extension is an open source data visualization extension for MediaWiki. A security vulnerability exists in MediaWiki - VisualData Extension version 1.45, which stems from inefficient regular expression complexity that could lead to exponential regular expression expansion...
EUVD-2026-0800
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...
PT-2026-28656
Name of the Vulnerable Software and Affected Versions path-to-regexp versions prior to 0.1.13 Description A flawed regular expression is generated when three or more parameters are present within a single segment, separated by characters other than a period .. For example, /:a-:b-:c or...
CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
Taint-Based Code Slicing for LLMs-Based Malicious NPM Package Detection
The increasing sophistication of malware attacks in the npm ecosystem, characterized by obfuscation and complex logic, necessitates advanced detection methods. Recently, researchers have turned their attention from traditional detection approaches to Large Language Models LLMs due to their strong...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the validatequery routine used for FTS5 query validation. The regular expression used to tokenize user-supplied search strings contains nested repetition, allowing crafted input to trigger...
GHSA-VQPR-J7V3-HQW9 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Summary The EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU time minutes, leading to a Denial of Service DoS for the application...
Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2020-8492)
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. This plugin...
Regular Expression Denial Of Service
Grafana-Zabbix is vulnerable to Regular Expression Denial of Service. The vulnerability is due to inefficient regular-expression handling to user-supplied regex queries, that can trigger catastrophic backtracking, and attackers can exploit this by submitting specially crafted regex patterns that...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Do not include the stack pointer register in precision backtracking bookkeeping. Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: ...
Regular Expression Denial Of Service (ReDoS)
Cattown is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to the use of inefficient regular expressions with potentially exponential backtracking complexity, which allows an attacker to craft malicious markdown inputs that cause excessive CPU usage and lead to...
EUVD-2013-7117
Malware in sbrugna...
EUVD-2020-0489
Malware in sbrugna...
EUVD-2019-0398
Malware in sbrugna...
EUVD-2018-11713
Malware in sbrugna...