69 matches found
Regular Expression Denial of Service (ReDoS)
Overview: transformers is State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the get_imports function in dynamic_module_utils.py. An attacker can cause excessive resource consumption by...
CVE-2024-3114
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, where the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...
CVE-2023-6682
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...
PYSEC-2025-40
A vulnerability in the preprocess_string function of the transformers.testing_utils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
GPT Academic Denial of Service Vulnerability
GPT Academic is an interface that provides pragmatic interactions for LLM large language models such as GPT/GLM. GPT Academic suffers from a denial of service vulnerability that can be exploited by an attacker to cause a regular expression denial of service attack...
CVE-2024-10550
CVE-2024-10550 affects h2oai/h2o-3 v3.46.0.1. The /3/ParseSetup endpoint applies a user-specified regex to a user-controlled string, enabling Regular Expression DoS (ReDoS) that can exhaust server resources and render the service unresponsive. Affected component: h2o-core in h2o-3; root cause is ...
Linux Distros Unpatched Vulnerability : CVE-2022-29167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and...
Regular Expression Denial of Service (ReDoS)
Overview: cgi is Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Util.escapeElement method. An attacker can cause high CPU consumption by providing malicious input. Details: Denial of Service...
CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...
rexml: REXML ReDoS vulnerability
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
psf/black: ReDoS via the lines_with_leading_tabs_expanded() function in strings.py file
The python-black package is susceptible to a regular expression denial of service (ReDoS) vulnerability, found in the lines_with_leading_tabs_expanded function within the strings.py file. This vulnerability could be exploited by running Black on untrusted input or by inserting numerous leading tab...
UBUNTU-CVE-2023-6688
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from an issue wit...
Regular Expression Denial of Service (ReDoS)
Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in Action Dispatch's Accept header parsing. Note: This is only vulnerable on applications based on Ruby prior to 3.2. Details: Denial of Service (DoS) describes a family of attacks, all aimed at...
GHSA-2JV5-9R88-3W3P python-multipart vulnerable to Content-Type Header ReDoS
Summary: When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or...
GHSA-QF9M-VFGH-M389 Duplicate Advisory: FastAPI Content-Type Header ReDoS
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2jv5-9r88-3w3p. This link is maintained to preserve external references. Original Description: Summary: When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header,...
GHSA-JH3W-4VVF-MJGR Django has regular expression denial of service vulnerability in EmailValidator/URLValidator
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...
AZL-44184 CVE-2023-26115 affecting package js-jquery 3.5.0-4
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...