@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Impact User-provided strings to formula's parser might lead to polynomial execution time. Patches Users should upgrade to 3.0.1+. Workarounds None...
CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...
Debian DSA-5339-1 : libhtml-stripscripts-perl - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5339 advisory. - The HTML-StripScripts module through 1.06 for Perl allows hssattvalstyle ReDoS because of catastrophic backtracking for HTML content with certain style attributes...
Design/Logic Flaw
Switcher Client is a JavaScript SDK for working with Switcher API, a cloud-based feature flag service. Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. This issue has been...
CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)
Switcher Client is a JavaScript SDK for working with Switcher API, a cloud-based feature flag service. Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. This issue has been...
CVE-2023-23925
The CVE-2023-23925 entry concerns the Switcher Client JavaScript SDK (Switcher API). It affects the Strategy match operation (EXIST), where unsanitized input is used to build a regular expression, enabling a Regular Expression Denial of Service (ReDoS). Impact is indicated as high; CVSS vectors show ...
Switcher Client contains Regular Expression Denial of Service (ReDoS)
Impact Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. Patches Patched in 3.1.4 Workarounds Avoid using Strategy settings that use REGEX in conjunction with EXIST a...
Debian dla-3296 : libhtml-stripscripts-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3296 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3296-1 [email protected] https://www.debian.org/lts/security/...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2023-1285)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3296-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3298-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3298-1] ruby-rack security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-3298-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 31, 2023 https://wiki.debian.org/LTS -...
EulerOS Virtualization 3.0.2.2 : python-jinja2 (EulerOS-SA-2023-1285)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre...
EulerOS Virtualization 3.0.2.2 : python (EulerOS-SA-2023-1284)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client...
CVE-2023-23621 Discourse vulnerable to ReDoS in user agent parsing
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....
CVE-2022-25927
A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim function...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-py (SUSE-SU-2023:0161-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0161-1 advisory. - The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression...
Discourse 3.1.x < 3.1.0.beta2 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2022-25927
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, and from 0.8.1 and before 1.0.33, are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim function...