tornado: Tornado Quadratic DoS via Repeated Header Coalescing

A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...

Linux Distros Unpatched Vulnerability : CVE-2025-54121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1...

SUSE CVE-2025-54121

Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

Regular Expression Denial of Service in jshamcrest

The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept js var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr = functi...

AZL-44496 CVE-2017-16118 affecting package nodejs-nodemon 2.0.3-5

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

CVE-2017-16115

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds...

Regular Expression Denial Of Service (ReDoS)

forwarded is vulnerable to regular expression denial of service ReDoS. A flaw when the x-forwarded-for header is parsed causes the event loop to be blocked...

Regular Expression Denial Of Service (ReDoS)

fresh is vulnerable to regular expression denial of service ReDoS.The vulnerability exists when matching multiple ETags in If-None-Match which causes the event loop to be blocked...

Regular Expression Denial of Service

Overview The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr =...