Regular Expression Denial Of Service (ReDoS)

shescape is vulnerable to regular expression denial of service. The vulnerability exists in escapeArgBash function in unix.js due to insufficient regular expression complexity in bash escaping which allows an attacker to cause polynomial backtracking or quadratic runtime resulting an application...

Shescape 输入验证错误漏洞

Shescape is open source a simple shell escaping program package for JavaScript . Use it to escape user-controlled input to shell commands to prevent shell injection. An input validation error vulnerability exists in versions prior to Shescape v1.5.10 that stems from two regular expressions in...

PT-2022-23152 · Shescape · Shescape

Name of the Vulnerable Software and Affected Versions: Shescape versions prior to 1.5.10 Shescape version 1.5.9 for Bash Description: An Inefficient Regular Expression Complexity issue affects Shescape users who utilize it to escape arguments for Unix shells, including Bash and Dash, particularly...

Gitlab -- multiple vulnerabilities

Gitlab reports: Remote Command Execution via GitHub import Stored XSS via labels color Content injection via Incidents Timeline description Lack of length validation in Snippets leads to Denial of Service Group IP allow-list not fully respected by the Package Registry Abusing Gitaly.GetTreeEntrie...

In mistune through 2.0.2 support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

...

GHSA-FW3V-X4F2-V673 Mistune vulnerable to catastrophic backtracking

In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

Mistune vulnerable to catastrophic backtracking

In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

AZL-10403 CVE-2022-34749 affecting package python-mistune for versions less than 0.8.3-5

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

DEBIAN-CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

PYSEC-2022-237

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

PYSEC-2022-237

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

UBUNTU-CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

Code injection

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

mistune 安全漏洞

mistune is a fast and powerful Python Markdown parser from the individual developer Hsiaoming Yang. A security vulnerability exists in mistune 2.0.2 and earlier versions, which stems from the fact that its support for inline markup is implemented through the use of regular expressions, which may...

CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

PT-2022-22315 · Mistune +1 · Mistune +1

Name of the Vulnerable Software and Affected Versions: Mistune versions 2.0.2 and earlier Description: The issue arises from the support of inline markup in Mistune, which utilizes regular expressions. These regular expressions can lead to a high amount of backtracking on certain edge cases, a...

CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...