CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVE-2023-26117

CVE-2023-26117 affects angular.js: ReDoS via the $resource service caused by an insecure regular expression. Affected: angular.js versions starting at 1.0.0 (as cited). Potential impact is denial of service under large, crafted inputs due to catastrophic backtracking. Remediation details present ...

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

Fedora 38 : yarnpkg (2023-2e38c3756f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2e38c3756f advisory. Apply fix for CVE-2022-37603. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

rubygem-time -- ReDoS vulnerability

oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects...

FreeBSD : rubygem-uri -- ReDoS vulnerability (9b60bba1-cf18-11ed-bd44-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9b60bba1-cf18-11ed-bd44-080027f5fec9 advisory. - Dominic Couture reports: A ReDoS issue was discovered in the URI component. The URI parser mishandles...

FreeBSD : rubygem-time -- ReDoS vulnerability (6bd2773c-cf1a-11ed-bd44-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6bd2773c-cf1a-11ed-bd44-080027f5fec9 advisory. - oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes...

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the personal developer of Yukihiro Matsumoto. A security vulnerability exists in Ruby, which stems from a ReDoS issue in the URI component. The following products and versions are affected: Ruby URI gem version...

rubygem-uri -- ReDoS vulnerability

Dominic Couture reports: A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects...

Regular Expression Denial Of Service (ReDoS)

validators is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists because url.py uses a REGEX pattern that has insufficient regular expression complexity which allows an attacker to cause an application crash...

Regular Expression Denial Of Service (ReDoS)

textacy is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists because constants.py and resources.py include a REGEX pattern that has insufficient regular expression complexity which allows an attacker to cause an application crash...

PT-2023-3595

Name of the Vulnerable Software and Affected Versions Ruby URI component versions prior to 0.12.1 Ruby URI component versions prior to 0.11.1 Ruby URI component versions prior to 0.10.2 Ruby URI component version 0.10.0 Description The issue is related to the incorrect implementation of handling...

EulerOS 2.0 SP10 : python-setuptools (EulerOS-SA-2023-1563)

According to the versions of the python-setuptools packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted...

EulerOS 2.0 SP10 : python-setuptools (EulerOS-SA-2023-1538)

According to the versions of the python-setuptools packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted...

MGASA-2023-0096 Updated perl-HTML-StripScripts packages fix security vulnerability

The HTML-StripScripts module through 1.06 for Perl allows hssattvalstyle ReDoS because of catastrophic backtracking for HTML content with certain style attributes. CVE-2023-24038...

Updated perl-HTML-StripScripts packages fix security vulnerability

The HTML-StripScripts module through 1.06 for Perl allows hssattvalstyle ReDoS because of catastrophic backtracking for HTML content with certain style attributes. CVE-2023-24038...

Regular Expression Denial Of Service (ReDoS)

rack is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists because the parsehttpacceptheader function in request.rb does not properly sanitize the header due to an insecure REGEX pattern, which may allow an attacker to cause an application crash by parsing a...

Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

SUSE SLES12 Security Update : python-py (SUSE-SU-2023:0681-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0681-1 advisory. - The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a...