1033 matches found
CLSA-2024-1708427829 Fix CVE(s): CVE-2024-25062
SECURITY UPDATE: Use-after-free in xmlValidatePopElement - debian/patches/CVE-2024-25062.patch: Fix use-after-free if XML Reader with DTD validation and XInclude expansion by not expanding XIncludes when backtracking - CVE-2024-25062...
angular vulnerable to super-linear runtime due to backtracking
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of...
GHSA-4W4V-5HC9-XRR2 angular vulnerable to super-linear runtime due to backtracking
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of...
CVE-2024-21490
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...
UBUNTU-CVE-2024-21490
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...
OESA-2024-1146 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1,...
GHSA-9H6G-PR28-7CQP nodemailer ReDoS when trying to send a specially crafted email
Summary: A ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter attachDataUrls set, causing the event loop to get stuck. Another flaw was found when nodemailer tries to parse an attachment with an embedded file, causing the event loop to get stuck. Details: Regex:...
PT-2024-7917 · Unknown +3 · Micromatch +3
Name of the Vulnerable Software and Affected Versions: micromatch versions prior to 4.0.8. Description: The vulnerability occurs in micromatch.braces in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
Jupyter Server Security Vulnerability
Jupyter Server is an application from the Jupyter organization used to provide back-end services for Jupyter web applications. A security vulnerability exists in Jupyter Server versions prior to 2.11.2 that stems from an unhandled error in an API request that includes backtracking information pat...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in...
Regular Expression Denial of Service (ReDoS)
Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...
kernel: bpf: Skip invalid kfunc call in backtrack_insn
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrack_insn. The verifier skips invalid kfunc call in check_kfunc_call, which would be captured in fixup_kfunc_call if such insn is not eliminated by dead code elimination. However, this can lead to t...
The vulnerability of the Django web application framework, related to the inefficient complexity of regular expressions, allows attackers to trigger a service failure.
The vulnerability of the Django web application framework relates to regular expressions for text trimming, which have linear backtracking complexity, potentially leading to slow performance. Exploiting this vulnerability could allow a remote attacker to cause service...
python-django: Denial-of-service possibility in django.utils.text.Truncator
An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs...
OESA-2023-1722 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to...
Regular Expression Denial Of Service (ReDoS)
get-func-name is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the getFuncName function in index.js not properly checking the functionSource size and length, which allows an attacker to trigger a DoS attack by using an input like '\t'.repeat(54773) + '\t/function/i...