1033 matches found
python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service...
python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
A flaw was found in the way catastrophic backtracking was implemented in python's difflib.ISLINEJUNK method. An attacker could use this flaw to cause denial of service...
CVE-2019-16215
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...
Code injection
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...
CVE-2019-16215
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...
GHSA-C4QH-4VGV-QC6G Django Denial-of-service in django.utils.text.Truncator
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
ALPINE-CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
DEBIAN-CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
Design/Logic Flaw
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
PYSEC-2019-11
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
PYSEC-2019-81
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
UBUNTU-CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
Amazon Linux 2 : python (ALAS-2019-1230)
A NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...
Important: python
Issue Overview: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate...
GHSA-G95F-P29Q-9XW4 Duplicate Advisory: Regular Expression Denial of Service in braces
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. Original Description Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may...
Duplicate Advisory: Regular Expression Denial of Service in braces
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. Original Description Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may...
GHSA-WXHQ-PM8V-CW75 Regular Expression Denial of Service in clean-css
Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation Upgrade to...