Cvelist
added 2024/07/02 3:57 p.m., 33 views

CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, EPSS 0.00856
Exploits 0, References 3

Debian CVE
added 2024/07/02 3:57 p.m., 20 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, AI score 5.4, EPSS 0.00856
Exploits 0

OSV
added 2024/07/02 3:57 p.m., 30 views

CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, AI score 5.9, EPSS 0.00856
Exploits 0, References 5

Hacker One
added 2024/07/02 7:17 a.m., 12 views

Internet Bug Bounty: ReDoS Vulnerability in HTTP Accept Headers Parsing

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Rack::Request::Helpers module when parsing HTTP Accept headers. The vulnerability was caused by a lack of fix in the Rack v3.1 release series until v3.1.5...

CVSS 6.5, AI score 6.6, EPSS 0.00856
Exploits 0

F5 Networks
added 2024/07/02 6:02 a.m., 35 views

K000140225: Codemirror vulnerability CVE-2020-7760

Security Advisory Description: This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in...

CVSS 7.5, AI score 6.4, EPSS 0.05197
Exploits 1

OSV
added 2024/07/01 8:15 p.m., 10 views

CVE-2024-39249

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...

CVSS 7.5, AI score 7, EPSS 0.00812
Exploits 0, References 5

NVD
added 2024/07/01 8:15 p.m., 12 views

CVE-2024-39249

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...

CVSS 7.5, EPSS 0.00812
Exploits 0, References 5

UbuntuCve
added 2024/07/01 8:15 p.m., 21 views

CVE-2024-39249

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...

CVSS 7.5, AI score 6.8, EPSS 0.00812
Exploits 0, References 4

OSV
added 2024/07/01 8:15 p.m., 1 view

UBUNTU-CVE-2024-39249

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...

CVSS 7.5, AI score 6.8, EPSS 0.00812
Exploits 0, References 5

Vulnrichment
added 2024/07/01 12:00 a.m., 29 views

CVE-2024-39249

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...

AI score 6.8, EPSS 0.00812
Exploits 0, References 5

Cvelist
added 2024/07/01 12:00 a.m., 20 views

CVE-2024-39249

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...

EPSS 0.00812
Exploits 0, References 5

Vulnrichment
added 2024/06/27 6:41 p.m., 10 views

CVE-2024-6038 ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filterhistory function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history...

CVSS 7.5, AI score 6.8, EPSS 0.00652
Exploits 1, References 1

Positive Technologies
added 2024/06/27 12:00 a.m., 2 views

PT-2024-37336 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt (affected versions not specified). Description: A Regular Expression Denial of Service (ReDoS) issue exists, located in the filter history function within the utils.py module. This function uses a regular expression sear...

CVSS 7.5, AI score 7.4, EPSS 0.00652
Exploits 1, References 4

FreeBSD
added 2024/06/26 12:00 a.m., 46 views

Gitlab -- Vulnerabilities

Gitlab reports: Run pipelines as any user; Stored XSS injected in imported project's commit notes; CSRF on GraphQL API IntrospectionQuery; Remove search results from public projects with unauthorized repos; Cross window forgery in user application OAuth flow; Project maintainers can bypass group's mer...

CVSS 9.6, AI score 6, EPSS 0.32784
Exploits 2, References 1

Veracode
added 2024/06/18 6:26 a.m., 9 views

Regular Expression Denial Of Service

kubeflow/kubeflow is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the usage of a regular expression to validate email addresses which has inefficient complexity, allowing an attacker to submit a crafted email which results in excessive CPU consumption,...

CVSS 7.5, AI score 6.7, EPSS 0.00649
Exploits 1, References 2, Affected Software 1

Rockylinux
added 2024/06/14 1:59 p.m., 37 views

python39:3.9 and python39-devel:3.9 security update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...

CVSS 8.1, AI score 7.1, EPSS 0.02617
Exploits 3

Tenable Nessus
added 2024/06/14 12:00 a.m., 34 views

AlmaLinux 9 : ruby (ALSA-2024:3838)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3838 advisory. ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: ReDoS vulnerability in URI (CVE-2023-28755); ruby: ReDoS vulnerability in Time (CVE-2023-287...

CVSS 9.8, AI score 7.6, EPSS 0.02637
Exploits 1, References 7

Tenable Nessus
added 2024/06/13 12:00 a.m., 23 views

FreeBSD : Gitlab -- Vulnerabilities (92cd1c03-2940-11ef-bc02-001b217b3468)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92cd1c03-2940-11ef-bc02-001b217b3468 advisory. Gitlab reports: ReDoS in gomod dependency linker; ReDoS in CI interpolation fix bypass; ReDoS in...

CVSS 6.5, AI score 5.5, EPSS 0.00575
Exploits 0, References 7

Oracle linux
added 2024/06/13 12:00 a.m., 27 views

ruby security update

3.0.7-162 - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 -...

CVSS 9.8, AI score 7.6, EPSS 0.0387
Exploits 1

Tenable Nessus
added 2024/06/12 12:00 a.m., 32 views

RHEL 9 : ruby (RHSA-2024:3838)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3838 advisory. Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system...

CVSS 9.8, AI score 7, EPSS 0.02637
Exploits 1, References 15
