129 matches found
path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions
A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...
path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions
A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...
ROOT-APP-NPM-CVE-2024-45296 CVE-2024-45296 in @rootio/path-to-regexp - Patched by Root
Root has patched CVE-2024-45296 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-52798 CVE-2024-52798 in @rootio/path-to-regexp - Patched by Root
Root has patched CVE-2024-52798 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-4926 CVE-2026-4926 in @rootio/path-to-regexp - Patched by Root
Root has patched CVE-2026-4926 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-4867 CVE-2026-4867 in @rootio/path-to-regexp - Patched by Root
Root has patched CVE-2026-4867 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-4923 CVE-2026-4923 in @rootio/path-to-regexp - Patched by Root
Root has patched CVE-2026-4923 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867
Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression ...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp. CVE-2026-4867 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp. CVE-2026-4923, CVE-2026-4926 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Path-to-Regexp vulnerability (USN-8290-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8290-1 advisory. It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters...
USN-8290-1: Path-to-Regexp vulnerability
It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters separated by non-delimiter characters such as hyphens. An attacker could possibly use this issue to cause a denial of service via catastrophic backtracking in the generated regular...
Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867)
Summary There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp library
Summary Due to use of the path-to-regexp library, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple wildcards, combined with at...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package
Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
Impact When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...
GHSA-27V5-C462-WPQ7 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
Impact When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...
07-calito-router (>=0.0.2 <=0.0.4), 07-dey-router (>=0.0.1 <=0.0.2) +985 more potentially affected by CVE-2026-4923 via path-to-regexp (>=8.0.0 <=8.3.0)
path-to-regexp NPM version =8.0.0, =0.0.2, =0.0.1, =0.0.0, =0.0.1, =0.0.1, =0.0.0, =0.0.1, =0.0.2, =0.0.1-alpha.2, =0.0.1-alpha.1, =4.0.61, =4.0.61, =0.0.1, =0.3.1, =0.3.4 and more Source cves: CVE-2026-4923 Source advisory: OSV:GHSA-27V5-C462-WPQ7...
07-calito-router (>=0.0.2 <=0.0.4), 07-dey-router (>=0.0.1 <=0.0.2) +985 more potentially affected by CVE-2026-4926 via path-to-regexp (>=8.0.0 <=8.3.0)
path-to-regexp NPM version =8.0.0, =0.0.2, =0.0.1, =0.0.0, =0.0.1, =0.0.1, =0.0.0, =0.0.1, =0.0.2, =0.0.1-alpha.2, =0.0.1-alpha.1, =4.0.61, =4.0.61, =0.0.1, =0.3.1, =0.3.4 and more Source cves: CVE-2026-4926 Source advisory: OSV:GHSA-J3Q9-MXJG-W52F...