
3333 matches found

Veracode
added 2023/01/11 4:24 a.m. | 22 views

Regular Expression Denial Of Service (ReDoS)

terminal-kit is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used in multiple functions of the library, allowing an attacker to crash the application by providing malicious strings such as '^'.repeat(bigNumber)...

7.5 CVSS | 3.9 AI score | 0.00938 EPSS
Exploits 0 | References 5 | Affected Software 1
Veracode
added 2023/01/10 5:50 a.m. | 15 views

Regular Expression Denial Of Service (ReDoS)

mootools-core is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists via the Slick.parse function in Slick.Parser.js, which does not properly handle user-injected string into a CSS selector at runtime, which allows remote attackers to cause denial of service...

7.5 CVSS | 7 AI score | 0.00644 EPSS
Exploits 1 | References 2 | Affected Software 1
RedHat Linux
added 2023/01/09 2:55 p.m. | 81 views

Moderate: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7 AI score | 0.14663 EPSS
Exploits 4 | References 7
Rockylinux
added 2023/01/09 2:24 p.m. | 50 views

nodejs:14 security, bug fix, and enhancement update

An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform f...

9.8 CVSS | 8.4 AI score | 0.14663 EPSS
Exploits 4
Veracode
added 2023/01/09 4:25 a.m. | 47 views

Regular Expression Denial Of Service

luxon is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists via the replace parameter in regexParser.js, which does not properly handle user-untrusted data allowing the attacker to supply arbitrary input to the function, resulting in a system crash...

7.5 CVSS | 7.5 AI score | 0.01707 EPSS
Exploits 0 | References 8 | Affected Software 1
NVD
added 2023/01/05 7:15 p.m. | 19 views

CVE-2022-23548

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and...

6.5 CVSS | 6.3 AI score | 0.00729 EPSS
Exploits 0 | References 2
Prion
added 2023/01/05 7:15 p.m. | 17 views

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and...

4 CVSS | 6.3 AI score | 0.00729 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2023/01/05 10:3 a.m. | 7 views

CVE-2021-4305 Woorank robots-txt-guard patterns.js makePathPattern redos

A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression complexity. The exploit has been disclosed ...

3.5 CVSS | 6.8 AI score | 0.00938 EPSS
Exploits 0 | References 4
Cvelist
added 2023/01/05 12:0 a.m. | 36 views

CVE-2022-23548

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and...

6.5 CVSS | 6.9 AI score | 0.00729 EPSS
Exploits 0 | References 2
CVE
added 2023/01/05 12:0 a.m. | 64 views

CVE-2022-23548

Discourse is affected by a ReDoS vulnerability in the post-parsing logic (CVE-2022-23548). Affected versions are prior to 2.8.14 (stable) and 2.9.0.beta16 (beta/tests-passed). The issue is patched in 2.8.14 and 2.9.0.beta16. There are no publicly documented workarounds. Remediation is to upgrade ...

6.5 CVSS | 6.2 AI score | 0.00729 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2023/01/05 12:0 a.m. | 23 views

CVE-2022-23548

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and...

6.5 CVSS | 6.3 AI score | 0.00729 EPSS
Exploits 0 | References 4
Github Security Blog
added 2023/01/03 6:30 p.m. | 31 views

MooTools Regular Expression Denial of Service

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5 CVSS | 6.9 AI score | 0.00644 EPSS
Exploits 1 | References 3 | Affected Software 1
NVD
added 2023/01/03 5:15 p.m. | 6 views

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5 CVSS | 6.6 AI score | 0.00644 EPSS
Exploits 1 | References 1
OSV
added 2023/01/03 5:15 p.m. | 16 views

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5 CVSS | 6.6 AI score
Exploits 0 | References 1
UbuntuCve
added 2023/01/03 5:15 p.m. | 9 views

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5 CVSS | 7.1 AI score | 0.00644 EPSS
Exploits 1 | References 2
Cvelist
added 2023/01/03 12:0 a.m. | 18 views

CVE-2021-32821 Regular expression Denial of Service in MooTools

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

6.2 CVSS | 7.6 AI score | 0.00644 EPSS
Exploits 1 | References 1
CVE
added 2023/01/03 12:0 a.m. | 74 views

CVE-2021-32821

CVE-2021-32821 affects MooTools (JavaScript utilities). The issue is a vulnerability in MooTools’ CSS selector parser, where a crafted CSS selector can trigger a Regular Expression Denial of Service (ReDoS) at runtime. Exploitation requires injecting a string into a selector (e.g., via runtime qu...

7.5 CVSS | 6.6 AI score | 0.00644 EPSS
Exploits 1 | References 1 | Affected Software 1
Debian CVE
added 2023/01/03 12:0 a.m. | 55 views

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5 CVSS | 7.3 AI score | 0.00644 EPSS
Exploits 1
Veracode
added 2023/01/02 3:37 p.m. | 23 views

Regular Expression Denial Of Service (ReDoS)

email-existence is vulnerable to regular expression denial of service. The vulnerability exists in index.js because the length of the email is not properly validated which allows users to create emails using more than 300 characters causing a denial of service...

7.5 CVSS | 4.4 AI score | 0.00721 EPSS
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus
added 2022/12/28 12:0 a.m. | 17 views

EulerOS Virtualization 2.10.1 : python-ldap (EulerOS-SA-2022-2940)

According to the versions of the python-ldap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions,...

6.5 CVSS | 6.4 AI score | 0.01701 EPSS
Exploits 0 | References 2