Lucene search

3333 matches found

Tenable Nessus · added 2023/05/18 12:00 a.m. · 30 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-6087-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6087-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a...

CVSS 5.3 · AI score 7.7 · EPSS 0.02637 · Exploits 0 · References 3

Tenable Nessus · added 2023/05/17 12:00 a.m. · 51 views

Oracle Linux 9 : nodejs:18 (ELSA-2023-2654)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2654 advisory. - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 nodejs-nodemon...

CVSS 8.6 · AI score 6.8 · EPSS 0.02209 · Exploits 5 · References 9

Tenable Nessus · added 2023/05/17 12:00 a.m. · 32 views

Debian dla-3425 : pypy-sqlparse - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3425 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3425-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5 · AI score 6.4 · EPSS 0.0098 · Exploits 0 · References 4

Tenable Nessus · added 2023/05/16 12:00 a.m. · 27 views

EulerOS Virtualization 2.10.1 : python-setuptools (EulerOS-SA-2023-1909)

According to the versions of the python-setuptools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML...

CVSS 5.9 · AI score 7.1 · EPSS 0.02617 · Exploits 1 · References 2

OSV · added 2023/05/16 12:00 a.m. · 23 views

ALSA-2023:2893 Moderate: python-mako security update

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: mako: ReDoS in Lexer class (CVE-2022-40023). For more details about the security issues, including the impact, a CVSS score, acknowledgment...

CVSS 7.5 · AI score 7.6 · EPSS 0.01656 · Exploits 1 · References 4

NVD · added 2023/05/15 4:15 a.m. · 30 views

CVE-2023-32758

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package, for example, to check whether it accesses any Git...

CVSS 7.5 · AI score 7.4 · EPSS 0.01033 · Exploits 0 · References 5

OSV · added 2023/05/15 4:15 a.m. · 10 views

CVE-2023-32758

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package, for example, to check whether it accesses any Git...

CVSS 7.5 · AI score 7 · Exploits 0 · References 5

Prion · added 2023/05/15 4:15 a.m. · 23 views

Design/Logic Flaw

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package, for example, to check whether it accesses any Git...

CVSS 5 · AI score 7.4 · EPSS 0.01033 · Exploits 0 · References 5 · Affected Software 1

CVE · added 2023/05/15 12:00 a.m. · 60 views

CVE-2023-32758

The connected documents confirm CVE-2023-32758 affects git-url-parse (Python) up to 1.2.2, used by Semgrep versions 1.5.2–1.24.1. The issue is a Regular Expression Denial of Service (ReDoS) when parsing untrusted URLs, with potential impact if a package’s author embeds a crafted URL in a target p...

CVSS 7.5 · AI score 7.3 · EPSS 0.01033 · Exploits 0 · References 5 · Affected Software 1

Cvelist · added 2023/05/15 12:00 a.m. · 15 views

CVE-2023-32758

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package, for example, to check whether it accesses any Git...

AI score 7.6 · EPSS 0.01033 · Exploits 0 · References 5

Positive Technologies · added 2023/05/15 12:00 a.m. · 4 views

PT-2023-24006 · Unknown +1 · Giturlparse +1

Name of the Vulnerable Software and Affected Versions: giturlparse versions through 1.2.2; Semgrep versions 1.5.2 through 1.24.1. Description: The issue is related to ReDoS (Regular Expression Denial of Service) when parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted...

CVSS 7.5 · AI score 7.5 · EPSS 0.01033 · Exploits 0 · References 13

Tenable Nessus · added 2023/05/15 12:00 a.m. · 15 views

EulerOS Virtualization 2.10.0 : python-setuptools (EulerOS-SA-2023-1940)

According to the versions of the python-setuptools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML...

CVSS 5.9 · AI score 7.1 · EPSS 0.02617 · Exploits 1 · References 2

Vulnrichment · added 2023/05/15 12:00 a.m. · 7 views

CVE-2023-32758

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package, for example, to check whether it accesses any Git...

AI score 7.4 · EPSS 0.01033 · Exploits 0 · References 5

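Every entry in this listing is the same bug class: a regular expression whose nested or overlapping quantifiers let a backtracking engine try exponentially many ways to match a crafted input that ultimately fails. The block below is an illustration added for this page; it is not the code of giturlparse, Semgrep, setuptools, Mako, Undici or any other package listed, and the pattern, payload and length cap in it are constructed assumptions chosen only to show the failure shape and the two standard mitigations: rewrite the pattern so each input character can be consumed in exactly one way, and cap the length of untrusted input before the regex ever runs.

```python
"""ReDoS shape and mitigations: a constructed demonstration.

The patterns here are written for this illustration; they are NOT the regexes
from giturlparse, setuptools, Mako, Undici or any advisory in the listing.
"""
import re
import time

# Ambiguous pattern (constructed): the inner \w+ and the outer repetition can
# split one run of word characters in roughly 2^n ways, so an input the pattern
# rejects forces the backtracking engine to try every split before giving up.
AMBIGUOUS = re.compile(r"^(\w+\s?)*$")

# Same language (words separated by single whitespace, optional trailing
# whitespace, or the empty string), written so every character has exactly one
# way to be consumed: \w+ must run up to the whitespace, so nothing backtracks
# more than a few steps.
UNAMBIGUOUS = re.compile(r"^(\w+\s)*(\w+)?$")

# Pattern-independent mitigation (constructed limit): reject oversized input
# before untrusted data (a URL, an HTTP header value, template source) ever
# reaches the regex engine.
MAX_INPUT_LEN = 2048


def make_payload(n: int) -> str:
    """Attacker input: n word characters followed by one character the pattern
    cannot consume, so the match fails only after exhaustive backtracking."""
    return "a" * n + "!"


def timed_fullmatch(pattern: re.Pattern, text: str):
    """Return (matched, seconds_taken) for pattern.fullmatch(text)."""
    start = time.perf_counter()
    matched = pattern.fullmatch(text) is not None
    return matched, time.perf_counter() - start


def guarded_fullmatch(pattern: re.Pattern, text: str, max_len: int = MAX_INPUT_LEN):
    """Length cap applied before the regex runs.

    Returns the string 'rejected' for oversized input, otherwise True/False
    for whether the whole text matched.
    """
    if len(text) > max_len:
        return "rejected"
    return pattern.fullmatch(text) is not None


def growth(pattern: re.Pattern, sizes=(12, 14, 16, 18)) -> list:
    """Seconds taken on make_payload(n) for each n in sizes.

    For AMBIGUOUS each +2 in n roughly quadruples the time; for UNAMBIGUOUS the
    time stays flat because the engine does linear work per character.
    """
    return [timed_fullmatch(pattern, make_payload(n))[1] for n in sizes]


if __name__ == "__main__":
    for name, pat in (("ambiguous", AMBIGUOUS), ("unambiguous", UNAMBIGUOUS)):
        print(name, ["%.5f s" % t for t in growth(pat)])
    print("oversized input:", guarded_fullmatch(AMBIGUOUS, make_payload(5000)))
```

Running the block prints the timing series for both patterns; the ambiguous one climbs steeply with each extra character while the unambiguous one does not. Python's standard `re` module has no match timeout, so for untrusted input the practical defences are the length cap shown here, an unambiguous rewrite of the pattern, or a linear-time engine.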
Tenable Nessus · added 2023/05/10 12:00 a.m. · 26 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1810)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific...

CVSS 5.3 · AI score 7.9 · EPSS 0.02452 · Exploits 0 · References 2

RedHat Linux · added 2023/05/09 11:51 a.m. · 55 views

Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.6 · AI score 6.9 · EPSS 0.02023 · Exploits 4 · References 8

RedHat Linux · added 2023/05/09 11:51 a.m. · 3 views

Node.js: Regular Expression Denial of Service in Headers fetch API

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

CVSS 7.5 · AI score 7.2 · EPSS 0.01315 · Exploits 0 · References 4

RedHat Linux · added 2023/05/09 9:52 a.m. · 33 views

Moderate: Red Hat Security Advisory: python-mako security update

An update for python-mako is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 7.5 · AI score 7.1 · EPSS 0.01656 · Exploits 1 · References 3

AlmaLinux · added 2023/05/09 12:00 a.m. · 23 views

Moderate: python-mako security update

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: python-mako: ReDoS in Lexer class (CVE-2022-40023). For more details about the security issues, including the impact, a CVSS score,...

CVSS 7.5 · AI score 7.4 · EPSS 0.01656 · Exploits 1 · References 4

Tenable Nessus · added 2023/05/09 12:00 a.m. · 35 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1828)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific...

CVSS 5.3 · AI score 7.9 · EPSS 0.02452 · Exploits 0 · References 2

OpenVAS · added 2023/05/09 12:00 a.m. · 19 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1810)

The remote host is missing an update for the Huawei EulerOS ruby package. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 6 · EPSS 0.02452 · Exploits 0 · References 2
