95 matches found
CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
DEBIAN-CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
UBUNTU-CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
CVE-2023-26112
CVE-2023-26112 : The configobj Python package is affected by a Regular Expression Denial of Service via the validate function, using the pattern (.+?)((.*)). The exploit requires a developer to place a crafted value in a server-side configuration file, enabling a DoS condition. Affected scope inc...
CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
py39-configobj -- vulnerable to Regular Expression Denial of Service
DarkTinia reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
Configobj -- Regular Expression Denial of Service attack
[email protected] reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?..Note: This is only exploitable in the case of a developer putting the offending value in a server side configuration file...
PT-2023-9395 · Configobj +5 · Configobj +5
Name of the Vulnerable Software and Affected Versions: configobj versions all versions Description: The issue is related to the use of a regular expression with inefficient computational complexity in the configobj package. This can be exploited to cause a denial of service. The validate function...
configobj 安全漏洞
configobj is a simple but powerful configuration file reader and writer from Differently Sized Kittens open source. A security vulnerability exists in configobj that stems from vulnerability to regular expression denial of service ReDoS attacks...
aws-syndicate (>=0.9.2 <=1.9.4), bcipy (>=1.1.1 <=1.4.2) +40 more potentially affected by CVE-2023-26112 via configobj (>=5.0.0 <=5.0.8)
configobj PYPI version =5.0.0, =0.9.2, =1.1.1, =0.4.1, =1.0.0, =1.0.0, =1.7.0, =0.0.2, =0.1.5, =0.1.2, =0.0.26, =0.1.0, =2.1.0, =0.1.5, =0.1.14, =2018.4.2.1 and more Source cves: CVE-2023-26112 Source advisory: SNYK:PYTHON-CONFIGOBJ-3252494...
Regular Expression Denial of Service (ReDoS)
Overview configobj is a Config file reading, writing and validation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a...
new packages: python-configobj
An update is available for python-configobj. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...