
1033 matches found

RedHat Linux
added 2019/05/22 12:3 p.m., 1 view

python: DoS via regular expression catastrophic backtracking in difflib.IS_LINE_JUNK

A flaw was found in the regular expression used by python's difflib.IS_LINE_JUNK method, which is subject to catastrophic backtracking. An attacker could use this flaw to cause a denial of service...

CVSS 7.5 · AI score 7.1 · EPSS 0.01779
Exploits 0 · References 5
RedHat Linux
added 2019/05/22 12:3 p.m., 2 views

python: DoS via regular expression catastrophic backtracking in the apop() method of poplib

A flaw was found in the regular expression used by python's poplib apop method, which is subject to catastrophic backtracking. An attacker could use this flaw to cause a denial of service...

CVSS 7.5 · AI score 7.1 · EPSS 0.01038
Exploits 1 · References 5
Tenable Nessus
added 2019/05/06 12:0 a.m., 35 views

EulerOS 2.0 SP3 : python (EulerOS-SA-2019-1337)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in poplib's apop method. An...

CVSS 9.8 · AI score 7 · EPSS 0.08764
Exploits 1 · References 4
Node.js
added 2019/04/02 6:18 p.m., 14 views

Regular Expression Denial of Service

Overview: Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive, leading to denial of service. Recommendation: Upgra...

AI score 6.8
Exploits 0 · Affected Software 1
myhack58
added 2019/03/26 12:0 a.m., 134 views

zzzphp V1.6.1 Remote Code Execution Vulnerability: a brief analysis (vulnerability warning, myhack58)

0x1 Foreword: I happened to see an article on Xianzhi (先知) titled "zzzphp V1.6.1 Remote Code Execution Vulnerability Analysis". Getting a shell through the template engine is actually very common; the interesting part of that analysis is that it traces the malicious code through the whole process. Unfortunately, the author's post on Xianzhi in May, in this...

AI score 0.4
Exploits 0
Veracode
added 2019/03/15 5:27 a.m., 25 views

Denial Of Service (DoS)

highcharts is vulnerable to denial of service. A regular expression in js/parts/SvgRenderer.js is subject to catastrophic backtracking, which would allow an attacker to perform regular expression denial of service (ReDoS) against the SVGRenderer component...

CVSS 7.5 · AI score 7.1 · EPSS 0.00473
Exploits 1 · References 4 · Affected Software 1
Tenable Nessus
added 2019/03/08 12:0 a.m., 35 views

EulerOS 2.0 SP5 : python (EulerOS-SA-2019-1072)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - python: DoS via regular expression backtracking in the difflib.IS_LINE_JUNK method (CVE-2018-1061) - python: DoS via regular expression...

CVSS 7.5 · AI score 6.4 · EPSS 0.01779
Exploits 1 · References 3
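The Python entries above (CVE-2018-1061) describe the bug only in the abstract. The following is an added example, not code from any of the advisories listed here: it reproduces the pre-fix default pattern of difflib.IS_LINE_JUNK next to the pattern CPython shipped as the fix, shows that the two agree on what counts as a junk line, and measures the quadratic blow-up on a constructed worst-case line (a long run of spaces followed by a character that makes `$` fail). The helper names (`is_line_junk`, `redos_line`, `time_match`, `patterns_agree`, `demo`) and the sample lines are constructed for this example. The same shape, two adjacent quantifiers that can both consume the same characters, is what the poplib, Django, highcharts, braces and clean-css entries on this page describe; the fix is always to remove the ambiguity so each character has exactly one quantifier that can own it.

```python
"""Catastrophic backtracking in difflib.IS_LINE_JUNK (CVE-2018-1061) and its fix.

Added example, not code from the advisories above. The two patterns are the
pre-fix and post-fix defaults of difflib.IS_LINE_JUNK in CPython; every other
name and all sample input here is constructed for this demonstration.
"""
import re
import time

# Pre-fix default pattern: two \s* runs with an optional '#' between them.
# When the line ends in a character that is neither space nor '#', the engine
# tries every split of the leading whitespace between the two \s* runs before
# it can fail, so a line of n spaces costs O(n^2) steps.
VULNERABLE_PAT = re.compile(r"\s*#?\s*$")

# Post-fix pattern: the second \s* is only reachable through a literal '#', so
# there is no ambiguity about which quantifier owns a given space: O(n).
FIXED_PAT = re.compile(r"\s*(?:#\s*)?$")


def is_line_junk(line, pat=FIXED_PAT.match):
    """Mirror of difflib.IS_LINE_JUNK: True for blank lines or lines holding only '#'."""
    return pat(line) is not None


def redos_line(n):
    """Constructed worst-case input: n spaces followed by a character that makes
    '$' fail, which forces the full backtracking search."""
    return " " * n + "x"


def time_match(pat, line):
    """Seconds spent in a single pat.match(line) call."""
    start = time.perf_counter()
    pat.match(line)
    return time.perf_counter() - start


# Constructed sample lines covering the semantics IS_LINE_JUNK is meant to have.
SAMPLE_LINES = ["", "   ", "#", "  # ", "  #\n", "##", "a", " x", "x  ", "# comment"]


def patterns_agree(lines):
    """The fix changes performance, not semantics: both patterns must classify
    every sample line identically."""
    return all(
        (VULNERABLE_PAT.match(s) is None) == (FIXED_PAT.match(s) is None)
        for s in lines
    )


def demo(n=4000):
    """Time both patterns on the worst-case line and return the slowdown ratio."""
    line = redos_line(n)
    slow = time_match(VULNERABLE_PAT, line)
    fast = time_match(FIXED_PAT, line)
    return {
        "n": n,
        "vulnerable_s": slow,
        "fixed_s": fast,
        "ratio": slow / fast if fast > 0 else float("inf"),
    }


if __name__ == "__main__":
    assert patterns_agree(SAMPLE_LINES)
    # Doubling n roughly quadruples the vulnerable time and doubles the fixed one.
    for n in (1000, 2000, 4000):
        r = demo(n)
        print(f"n={r['n']:5d}  vulnerable={r['vulnerable_s']:.4f}s  "
              f"fixed={r['fixed_s']:.6f}s  ratio={r['ratio']:.0f}x")
```

Two practical caveats. Python's `re` has no match timeout, so a watchdog thread cannot interrupt a runaway match; the only defenses are rewriting the pattern and bounding the length of attacker-controlled input before it reaches the matcher. And a fix must be checked for semantic equivalence as well as speed, which is what `patterns_agree` does here; a "faster" pattern that quietly changes what is treated as junk is a different bug.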
Node.js
added 2019/02/15 9:44 p.m., 13 views

Regular Expression Denial of Service

Overview: Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive, leading to denial of service. Recommendation: Upgrade t...

AI score 6.8
Exploits 0 · Affected Software 1
Node.js
added 2019/02/15 9:40 p.m., 18 views

Regular Expression Denial of Service

Overview: Versions of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive, leading to denial of service. Recommendation: Upgrad...

AI score 6.8
Exploits 0 · Affected Software 1
RedHat Linux
added 2019/02/04 11:51 p.m., 2 views

django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3 · AI score 7.2 · EPSS 0.01372
Exploits 0 · References 5
RedHat Linux
added 2019/02/04 11:51 p.m., 3 views

django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

CVSS 5.3 · AI score 7.2 · EPSS 0.03173
Exploits 0 · References 5
RedHat Linux
added 2019/01/16 5:53 p.m., 108 views

Moderate: Red Hat Security Advisory: python-django security update

An update for python-django is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 5.3 · AI score 6.6 · EPSS 0.01372
Exploits 0 · References 2
RedHat Linux
added 2019/01/16 5:53 p.m., 2 views

django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3 · AI score 7.2 · EPSS 0.01372
Exploits 0 · References 5
RedHat Linux
added 2019/01/16 5:10 p.m., 117 views

Moderate: Red Hat Security Advisory: python-django security update

An update for python-django is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 5.3 · AI score 6.6 · EPSS 0.01372
Exploits 0 · References 2
RedHat Linux
added 2019/01/16 5:10 p.m., 16 views

django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3 · AI score 7.2 · EPSS 0.01372
Exploits 0 · References 5
OSV
added 2019/01/04 5:50 p.m., 1 view

GHSA-R28V-MW67-M5P9 Django denial-of-service possibility in urlize and urlizetrunc template filters

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 6.9 · AI score 6.8 · EPSS 0.01372
Exploits 0 · References 16
Github Security Blog
added 2019/01/04 5:50 p.m., 44 views

Django denial-of-service possibility in urlize and urlizetrunc template filters

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3 · AI score 5.8 · EPSS 0.01372
Exploits 0 · References 15 · Affected Software 1
OSV
added 2019/01/04 5:50 p.m., 3 views

GHSA-2F9X-5V75-3QV4 Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

CVSS 6.9 · AI score 6.8 · EPSS 0.03173
Exploits 0 · References 13
Tenable Nessus
added 2019/01/03 12:0 a.m., 33 views

Fedora 28 : python34 (2018-c3a2174314)

Security update to 3.4.9 with fix for CVE-2018-1060: difflib and poplib catastrophic backtracking. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

CVSS 7.5 · AI score 6.3 · EPSS 0.01038
Exploits 1 · References 2
IBM Security Bulletins
added 2018/12/10 12:55 p.m., 31 views

Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2018-1060, CVE-2018-1061)

Summary: IBM Cloud Private and the IBM Cloud Automation Manager component are affected by multiple security vulnerabilities. Vulnerability Details: CVEID: CVE-2018-1060. DESCRIPTION: Python is vulnerable to a denial of service, caused by catastrophic backtracking in poplib's apop method. A remote...

CVSS 7.5 · AI score 1.1 · EPSS 0.01779
Exploits 1 · Affected Software 1