[SECURITY] [DLA 3296-1] libhtml-stripscripts-perl security update
Debian LTS Advisory DLA-3296-1 https://www.debian.org/lts/security/ Utkarsh Gupta January 31, 2023 https://wiki.debian.org/LTS ...
Regular Expression Denial of Service (ReDoS)
Overview: markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regex \?=\S.+??=\S\. Exploiting this vulnerability will result in catastrophic backtracking...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-websocket-extensions (SUSE-SU-2023:0127-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0127-1 advisory. - websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser ma...
CVE-2023-24038
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes...
DEBIAN-CVE-2023-24038
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes...
Hardcoded credentials
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes...
perl-html-stripscripts security vulnerability
perl-html-stripscripts is a Perl library. A security vulnerability exists in perl-html-stripscripts version 1.06 and earlier. An attacker can exploit this vulnerability to perform catastrophic backtracking on HTML content with specific style attributes...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: >= 3.0.0. Not affected: < 3.0.0. Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1. Impact: Specially crafted cookies, in...
PT-2023-18702 · Ruby +5
Name of the Vulnerable Software and Affected Versions: Active Support versions prior to 6.1.7.1; Active Support versions prior to 7.0.4.1. Description: The issue is related to insufficient input validation in the Inflector.underscore method, which can lead to a regular expression based DoS...
debug security vulnerability
debug is a small JavaScript debugging utility open-sourced by Debug.js and modeled on core Node.js debugging techniques. A security vulnerability exists in debug versions prior to 3.1.0, which stems from the function useColors in file src/node.js, where manipulation of the parameter str leads to...
CVE-2022-23517
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
UBUNTU-CVE-2022-23514
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
CVE-2022-23514
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
Rails security vulnerability
Rails is a set of open source web application frameworks based on the Ruby language from the American Rails team. A security vulnerability exists in Rails rails-html-sanitizer versions prior to 1.4.4, which stems from the use of inefficient regular expressions that are susceptible to excessive...
OESA-2022-2093 rubygem-websocket-extensions security update
Generic extension manager for WebSocket connections. Security Fixes: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content ...
v8n vulnerable to Inefficient Regular Expression Complexity
Impact: Inefficient regular expression complexity of the lowercase and uppercase regexes could lead to a denial of service attack. With a formed payload 'a' + 'a'.repeat(i) + 'A', a payload of only 32 characters could take 29443 ms to execute when testing lowercase. The same issue happens with uppercase...
Regular Expression Denial Of Service (ReDoS)
d3-color is vulnerable to regular expression denial of service. The vulnerability exists due to an ambiguous regular expression allowing an attacker to exploit the vulnerability by causing backtracking via a maliciously crafted string...