Lucene search
+L

11 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.7 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS0.0047EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:40 p.m.36 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS0.0047EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:40 p.m.8 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/02 7:40 p.m.6 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS6AI score0.0047EPSS
Exploits0References4
Huntr
Huntr
added 2025/01/22 11:30 a.m.7 views

Regular expression Denial of Service - ReDoS

Description A Regular Expression Denial of Service ReDoS vulnerability was identified in the Transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...

6.5CVSS5.5AI score0.00384EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2023/10/19 12:33 p.m.24 views

TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link

Summary The torbot.modules.validators.validatelink function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument.. Details...

7.5CVSS6.6AI score0.00797EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/18 8:26 p.m.14 views

CVE-2023-45813 Inefficient Regular Expression Complexity in TorBot

Torbot is an open source tor network intelligence tool. In affected versions the torbot.modules.validators.validatelink function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash...

4.6CVSS7AI score0.00797EPSS
Exploits1References2
Hacker One
Hacker One
added 2022/02/22 10:34 p.m.38 views

Ruby on Rails: ReDoS in Rack::Multipart

A regular expression denial of service ReDoS vulnerability was discovered in the Rack gem's Multipart module. This vulnerability allowed an attacker to cause a denial of service by sending a specially crafted header, resulting in excessive CPU usage on the server. The vulnerability has been patch...

7.5CVSS8AI score0.02056EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/11/09 5:42 p.m.3 views

python-pygments: ReDoS in multiple lexers

A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...

7.5CVSS7.4AI score0.03832EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/03/18 6:25 p.m.48 views

CVE-2021-27291

A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...

7.5CVSS3.6AI score0.03832EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2021/03/17 1:15 p.m.38 views

CVE-2021-27291

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

7.5CVSS6.9AI score0.03832EPSS
Exploits1References4
Rows per page
Query Builder