CVE-2022-25901
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression...
Design/Logic Flaw
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression...
CVE-2022-25901
CVE-2022-25901 affects the Node.js package cookiejar. The vulnerability is a denial of service (ReDoS) in Cookie.parse caused by an insecure regular expression, exploitable remotely to exhaust CPU. Public details confirm vulnerable versions include cookiejar before 2.1.4; affected products includ...
ReDoS based DoS vulnerability in GlobalID
There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: >= 0.2.1. Not affected: < 0.2.1. Fixed Versions: 1.0.1. Impact: There is a possible DoS vulnerability in the model name parsing section of the GlobalID...
PT-2023-18703
Name of the Vulnerable Software and Affected Versions: GlobalID versions 0.2.1 through 1.0.0; Rails versions 7.0.0 through 7.0.4. Description: A ReDoS based DoS vulnerability in GlobalID could allow an attacker to cause the regular expression engine to take an unexpected amount of time with a careful...
SUSE SLES12 Security Update : python36-setuptools (SUSE-SU-2023:0094-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0094-1 advisory. - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted packag...
SUSE SLES12 Security Update : python-setuptools (SUSE-SU-2023:0093-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0093-1 advisory. - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted packag...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: >= 3.0.0. Not affected: < 3.0.0. Fixed Versions: 6.1.7.1, 7.0.4.1. Impact: Specially crafted cookies, in combination with a...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All. Not affected: None. Fixed Versions: 6.1.7.1, 7.0.4.1. Impact: A specially crafted HTTP...
CVE-2021-32837
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for t...
CVE-2021-32837
CVE-2021-32837 affects python-mechanize; the ReDoS vulnerability is in the regular expression handling and is triggered before the patch. Multiple connected advisories confirm a fix in newer releases (e.g., 0.4.6 and later such as 0.4.8 in openSUSE updates). Affected component: mechanize (Python ...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python310-setuptools (SUSE-SU-2023:0091-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0091-1 advisory. - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of...
Debian: Security Advisory (DLA-3271-1)
The remote host is missing an update for the Debian...
Regular Expression Denial Of Service (ReDoS)
robots-txt-guard is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The vulnerability exists via the pattern parameter in the makePathPattern function of patterns.js due to insufficient regular expression complexity which allows an attacker to cause an application crash via a...
Regular Expression Denial Of Service (ReDoS)
rgb2hex is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists in the rgb2hex function of index.js due to insufficient regular expression complexity which allows an attacker to cause an application crash...
Regular Expression Denial Of Service (ReDoS)
skeemas is vulnerable to regular expression denial of service attacks. A remote attacker is able to cause denial of service conditions due to the inefficient regular expression complexity via the argument uri, which consumes excessive resources...
Regular Expression Denial Of Service (ReDoS)
string-kit is vulnerable to regular expression denial of service attacks. The vulnerability exists via the module.exports function in naturalSort.js, which does not properly handle user-input data due to inefficient regular expression complexity, allowing an attacker to cause an application...