OESA-2023-1112 rubygem-globalid security update
URIs for your models make it easy to pass references around. Security Fixes: A ReDoS-based DoS vulnerability in GlobalID 1.0.1 could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an...
Moderate: Red Hat Security Advisory: python-setuptools security update
An update for python-setuptools is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...
ALSA-2023:0835 Moderate: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities, allowing convenient building and distribution of Python packages. Security Fixes: pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897). For more details abo...
AlmaLinux 8 : python-setuptools (ALSA-2023:0835)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0835 advisory. - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageInde...
CVE-2021-32848
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...
Design/Logic Flaw
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...
CVE-2021-32848 Octobox ReDoS vulnerability
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...
CVE-2021-32848
Octobox (GitHub notifications manager) contains a ReDoS vulnerability triggered by a crafted search query, pre-PR 2807. Root cause: inefficient parsing in the search parser that can be abused by specially formed queries. Impact: availability impact according to CVSS, fixed in pull request 2807. R...
OESA-2023-1102 rubygem-globalid security update
URIs for your models make it easy to pass references around. Security Fixes: A ReDoS-based DoS vulnerability in GlobalID 1.0.1 could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an...
OESA-2023-1101 rubygem-globalid security update
URIs for your models make it easy to pass references around. Security Fixes: A ReDoS-based DoS vulnerability in GlobalID 1.0.1 could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an...
OESA-2023-1100 rubygem-globalid security update
URIs for your models make it easy to pass references around. Security Fixes: A ReDoS-based DoS vulnerability in GlobalID 1.0.1 could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an...
SUSE-SU-2023:0444-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451). - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455)...
SUSE-SU-2023:0442-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2023-22795: Fixed possible ReDoS-based DoS vulnerability in Action Dispatch via specially crafted HTTP header (bsc#1207451). - CVE-2023-22792: Fixed possible ReDoS-based DoS vulnerability in Action Dispatch via specially crafted...
Regular Expression Denial Of Service (ReDoS)
simple-markdown is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in simple-markdown.js because of insufficient regular expression complexity, which allows an attacker to cause long parsing times...
Regular Expression Denial Of Service (ReDoS)
undici is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure regex pattern used in the headerValueNormalize function in headers.js, which allows an attacker to crash the application by providing a malicious input...
Node.js 14.x < 14.21.3 / 16.x < 16.19.1 / 18.x < 18.14.1 / 19.x < 19.6.1 Multiple Vulnerabilities (Thursday February 16 2023 Security Releases).
The version of Node.js installed on the remote host is prior to 14.21.3, 16.19.1, 18.14.1, or 19.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Thursday February 16 2023 Security Releases advisory. - It was possible to bypass Permissions and access non-authorized...
CVE-2020-6817
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']})...