CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3333 matches found

Github Security Blog•added 2023/02/16 8:46 p.m.•37 views

Regular Expression Denial of Service in Headers

Impact The Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize utility function...

7.5CVSS7.4AI score0.01315EPSS

Exploits0References6Affected Software1

OSV•added 2023/02/16 8:46 p.m.•41 views

GHSA-R6CH-MQF9-QC9W Regular Expression Denial of Service in Headers

7.5CVSS7.1AI score0.01315EPSS

Exploits0References6

OSV•added 2023/02/16 6:15 p.m.•3 views

AZL-13585 CVE-2023-24807 affecting package nodejs for versions less than 16.19.1-1

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7.1AI score0.01315EPSS

Exploits0References1

OSV•added 2023/02/16 6:15 p.m.•3 views

ALPINE-CVE-2023-24807

7.5CVSS7AI score0.01315EPSS

Exploits0References1

NVD•added 2023/02/16 6:15 p.m.•15 views

CVE-2023-24807

7.5CVSS7.5AI score0.01315EPSS

Exploits0References5

UbuntuCve•added 2023/02/16 6:15 p.m.•25 views

CVE-2023-24807

7.5CVSS6.9AI score0.01315EPSS

Exploits0References6

Prion•added 2023/02/16 6:15 p.m.•26 views

Design/Logic Flaw

5CVSS7.3AI score0.01315EPSS

Exploits0References4Affected Software1

Cvelist•added 2023/02/16 5:30 p.m.•16 views

CVE-2023-24807 Undici vulnerable to Regular Expression Denial of Service in Headers

7.5CVSS7.7AI score0.01315EPSS

Exploits0References4

CVE•added 2023/02/16 5:30 p.m.•319 views

CVE-2023-24807

The CVE-2023-24807 issue is in Undici’s header normalization (headerValueNormalize) used by the Headers.fetch API, allowing a Regular Expression Denial of Service when untrusted header values are processed. Affected range is before Undici v5.19.1; the vulnerability is fixed in v5.19.1. Upgrading ...

7.5CVSS7.9AI score0.01315EPSS

Exploits0References5Affected Software1

Debian CVE•added 2023/02/16 5:30 p.m.•29 views

CVE-2023-24807

7.5CVSS7.3AI score0.01315EPSS

Exploits0

OSV•added 2023/02/16 5:30 p.m.•25 views

CVE-2023-24807 Undici vulnerable to Regular Expression Denial of Service in Headers

7.5CVSS7AI score0.01315EPSS

Exploits0References7

AlpineLinux•added 2023/02/16 5:30 p.m.•25 views

CVE-2023-24807

7.5CVSS8.1AI score0.01315EPSS

Exploits0

Vulnrichment•added 2023/02/16 12:0 a.m.•5 views

CVE-2020-6817

bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'...

6.6AI score0.00718EPSS

Exploits1References2

CNNVD•added 2023/02/16 12:0 a.m.•2 views

undici 安全漏洞

undici is an HTTP/1.1 client. A security vulnerability exists in undici versions prior to 5.19.1 that stems from vulnerability to regular expression denial of service ReDoS attacks when passing untrusted values to functions...

7.5CVSS7AI score0.01315EPSS

Exploits0References10

Cvelist•added 2023/02/16 12:0 a.m.•38 views

CVE-2020-6817

6.5AI score0.00718EPSS

Exploits1References2

CVE•added 2023/02/16 12:0 a.m.•98 views

CVE-2020-6817

CVE-2020-6817 affects the python-bleach library: bleach.clean parsing of style attributes can trigger a ReDoS when an allowed tag and an allowed style attribute are present (e.g., attributes={'a': ['style']}). The vulnerability is tied to the handling of style attributes in the white-list sanitiz...

7.5CVSS6.3AI score0.00718EPSS

Exploits1References2Affected Software1

Debian CVE•added 2023/02/16 12:0 a.m.•27 views

CVE-2020-6817

7.5CVSS7.4AI score0.00718EPSS

Exploits1

Node JS Blog•added 2023/02/16 12:0 a.m.•56 views

Thursday February 16 2023 Security Releases

Thursday February 16 2023 Security Releases Update 16-February-2023 Security releases available Updates are now available for the v19.x, v18.x, v16.x, and v14.x Node.js release lines for the following issues. OpenSSL Security updates This security release includes OpenSSL security updates as...

7.5CVSS6.7AI score0.02209EPSS

Exploits2

SUSE CVE•added 2023/02/15 4:30 a.m.•3 views

SUSE CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

5.9CVSS8.5AI score0.03381EPSS

Exploits0References6

SUSE CVE•added 2023/02/15 4:12 a.m.•5 views

SUSE CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

5.3CVSS5.6AI score0.01671EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by