1033 matches found

Amazon
added 2024/12/12 12:0 a.m. · 6 views

Important: python3.9

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 · AI score 8.3 · EPSS 0.89361
Exploits 8
OSV
added 2024/12/05 11:15 p.m. · 4 views

AZL-54017 CVE-2024-52798 affecting package nodejs-nodemon 2.0.3-4

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.7 · EPSS 0.00293
Exploits 0 · References 1
OSV
added 2024/12/05 11:15 p.m. · 3 views

AZL-54020 CVE-2024-52798 affecting package reaper for versions less than 3.1.1-16

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.7 · EPSS 0.00293
Exploits 0 · References 1
OSV
added 2024/12/05 11:15 p.m. · 3 views

AZL-54036 CVE-2024-52798 affecting package nodejs-nodemon 2.0.3-5

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.7 · EPSS 0.00293
Exploits 0 · References 1
NVD
added 2024/12/05 11:15 p.m. · 24 views

CVE-2024-52798

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · EPSS 0.00293
Exploits 0 · References 3
OSV
added 2024/12/05 11:15 p.m. · 0 views

UBUNTU-CVE-2024-52798

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.7 · EPSS 0.00293
Exploits 0 · References 4
Debian CVE
added 2024/12/05 10:45 p.m. · 14 views

CVE-2024-52798

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.5 · EPSS 0.00293
Exploits 0
OSV
added 2024/12/05 10:45 p.m. · 18 views

CVE-2024-52798 path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.9 · EPSS 0.00293
Exploits 0 · References 5
CVE
added 2024/12/05 10:45 p.m. · 4510 views

CVE-2024-52798

CVE-2024-52798 concerns the path-to-regexp library. The DoS arises when path-to-regexp outputs regex patterns that backtrack, causing high CPU use or a blocked event loop on vulnerable inputs. Public sources reference the 0.1.x line as the origin and recommend upgrading specifically to 0.1.12; later advi...

CVSS 8.7 · AI score 6.3 · EPSS 0.00293
Exploits 0 · References 3
Vulnrichment
added 2024/12/05 10:45 p.m. · 43 views

CVE-2024-52798 path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.3 · EPSS 0.00293
Exploits 0 · References 2
OSV
added 2024/12/05 10:40 p.m. · 2 views

GHSA-RHX6-C78J-4Q9W path-to-regexp contains a ReDoS

Impact: The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296. Patches: Upgrade to 0.1.12. Workarounds: Avoid using two parameters within a single path segment, when the separator is not `.`, e.g. no...

CVSS 8.7 · AI score 6.8 · EPSS 0.00293
Exploits 0 · References 6
Github Security Blog
added 2024/12/05 10:40 p.m. · 51 views

path-to-regexp contains a ReDoS

Impact: The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296. Patches: Upgrade to 0.1.12. Workarounds: Avoid using two parameters within a single path segment, when the separator is not `.`, e.g. no...

CVSS 8.7 · AI score 6.5 · EPSS 0.00293
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2024/12/05 12:0 a.m. · 2 views

PT-2024-35449 · Unknown · Path-To-Regexp

Name of the Vulnerable Software and Affected Versions: path-to-regexp versions 0.1.x through 0.1.11. Description: The issue concerns a performance vulnerability in path-to-regexp, where certain inputs can generate regular expressions vulnerable to backtracking, leading to poor performance. This...

CVSS 8.7 · AI score 7.3 · EPSS 0.00293
Exploits 0 · References 16
RedHat Linux
added 2024/12/03 4:20 p.m. · 0 views

path-to-regexp: Backtracking regular expressions cause ReDoS

A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, po...

CVSS 7.5 · AI score 6.8 · EPSS 0.00064
Exploits 0 · References 7
AstraLinux
added 2024/11/23 3:4 a.m. · 6 views

Astra Linux – Vulnerability in Python 3.11

There is a medium-severity vulnerability affecting CPython. Regular expressions that allow excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS through specifically crafted tar archives...

CVSS 7.5 · AI score 6.7 · EPSS 0.03014
Exploits 2 · References 3
OSV
added 2024/11/22 2:22 p.m. · 2 views

OESA-2024-2448 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction jump history to record instructions that performed register spill/fi...

CVSS 7.8 · AI score 6.2 · EPSS 0.00036
Exploits 0 · References 23
OSV
added 2024/11/19 2:31 p.m. · 8 views

USN-7015-5 python2.7 vulnerabilities

USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: It was discovered that the...

CVSS 7.5 · AI score 6.8 · EPSS 0.03014
Exploits 2 · References 3
Amazon
added 2024/11/15 12:0 a.m. · 29 views

Important: python3

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232. Affected Packages: python3. Note: This advisory is...

CVSS 7.5 · AI score 8.1 · EPSS 0.03014
Exploits 2
Amazon
added 2024/11/15 12:0 a.m. · 2 views

Important: python3

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232. Affected Packages: python3. Note: This advisory is...

CVSS 7.5 · AI score 7 · EPSS 0.03014
Exploits 2
Snyk
added 2024/11/14 10:44 p.m. · 2 views

Regular Expression Denial of Service (ReDoS)

Overview: giskard is the testing framework dedicated to ML models, from tabular to LLMs. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the transformation.py process. An attacker can cause extended computation times or crashes by crafting...

CVSS 6.9 · AI score 6.8 · EPSS 0.01994
Exploits 0 · References 2