3333 matches found
CVE-2021-35065
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
Code injection
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
CVE-2021-35065
CVE-2021-35065 : The glob-parent package for Node.js is vulnerable to a Regular Expression Denial of Service (ReDoS) in the enclosure regex, affecting versions before 6.0.1. This can cause an impact to availability under network access with low attacker effort. A remediation is to upgrade glob-pa...
CVE-2020-26302
CVE-2020-26302 affects the is.js library. Versions ≤ 0.9.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via a URL-validation regex copied from a gist; under malicious input the regex can loop indefinitely. The issue is documented across multiple sources (e.g., GHSA-PVRW-G6FX-MC...
CVE-2020-26302
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...
[SECURITY] [DLA 3247-1] node-trim-newlines security update
Debian LTS Advisory DLA-3247-1. https://www.debian.org/lts/security/ Chris Lamb, December 23, 2022. https://wiki.debian.org/LTS ...
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerabl...
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
Python Packaging Authority (PyPA) Wheel is a reference implementation of the Python wheel packaging standard. Wheel 0.37.1 and earlier are vulnerable to a Regular Expression denial of service via attacker-controlled input to the wheel CLI. The vulnerable regex is used to verify the validity of Whee...
Denial of service
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py...
Fedora 36 : gitqlient (2022-784d729f30)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-784d729f30 advisory. Update to latest version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 36 : glances (2022-e016e6f445)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-e016e6f445 advisory. Update to 3.3.0.1 and CVE-2022-25844. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
Code injection
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...
PT-2022-6568
Name of the Vulnerable Software and Affected Versions: Python Charmers Future versions 0.18.2 and earlier. Description: The issue is related to improper input validation when handling the Set-Cookie header, allowing a remote attacker to send a specially crafted HTTP request and perform a denial of...
CVE-2022-40897
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py...
CVE-2022-40897
CVE-2022-40897 affects Python setuptools (PyPA) prior to 65.5.1, enabling a Regular Expression Denial of Service (ReDoS) via HTML in crafted PackageIndex content (package_index.py). Affected component is setuptools; impact is DoS with potential availability disruption. Remediation shown across mu...