CVE-2022-42964
CVE-2022-42964 affects the Python package pymatgen (PyPI). The vulnerability arises in the function/flow related to parsing Gaussian inputs, specifically GaussianInput.from_string, where crafted input can trigger an exponential ReDoS in the regular expression handling. This condition can lead to ...
CVE-2022-42964 Exponential ReDoS in pymatgen leads to denial of service
An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...
CVE-2022-42965 Exponential ReDoS in snowflake-connector-python leads to denial of service
An exponential ReDoS Regular Expression Denial of Service can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented getfiletransfertype method...
CVE-2022-42966
An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...
CVE-2022-42964
An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...
pymatgen security vulnerability
pymatgen is an open source Python library for material analysis. A security vulnerability exists in pymatgen that can be exploited to trigger an exponential ReDoS when an attacker provides arbitrary input to the GaussianInput.fromstring method...
CVE-2022-37603
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service ReDoS, affecting the availability of the affected component...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2022-37620
CVE-2022-37620: ReDoS in kangax/html-minifier 4.0.0 due to reCustomIgnore regex. CVSS v3.1 base score 7.5 (HIGH); attack vector NETWORK, complexity LOW, no privileges required, no user interaction; impact: Availability loss. Remediation: upgrade/downgrade to a non-vulnerable/html-minifier version...
PT-2022-24031
Name of the Vulnerable Software and Affected Versions kangax html-minifier version 4.0.0 Description A Regular Expression Denial of Service ReDoS flaw was found in the candidate variable in htmlminifier.js. This issue can cause a denial of service. Recommendations For kangax html-minifier version...
OESA-2022-2028 nodejs-minimatch security update
Converts glob expressions to JavaScript "RegExp" objects. Security Fixes: A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service. CVE-2022-3517...
Regular Expression Denial Of Service (ReDoS)
shescape is vulnerable to denial of service. The vulnerability is due to insecure regex in the escapeArgBash function of unix.js which allows an attacker to crash the application by providing a malicious user input...
CVE-2022-25918
The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...
Code injection
The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...
CVE-2022-25918
CVE-2022-25918 affects the npm package shescape (versions 1.5.10 and earlier than 1.6.1). The vulnerability is a Regular Expression Denial of Service (ReDoS) in the escape function (index.js) caused by an insecure regex in escapeArgBash. Exploitation can cause high CPU usage or denial of service ...
CVE-2022-25918 Regular Expression Denial of Service (ReDoS)
The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...
Apache IoTDB subject to ReDOS with Java 8
Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. This issue is patched in 0.13.3. Users should upgrade or use a later version of Java to avoid it...
GHSA-CR84-XVW4-QX3C Inefficient Regular Expression Complexity in shescape
Impact This impacts users that use shescape to escape arguments: - for the Unix shell Bash, or any not-officially-supported Unix shell; - using the escape or escapeAll functions with the interpolation option set to true. An attacker can cause polynomial backtracking in terms of the input string...
Inefficient Regular Expression Complexity in shescape
Impact This impacts users that use shescape to escape arguments: - for the Unix shell Bash, or any not-officially-supported Unix shell; - using the escape or escapeAll functions with the interpolation option set to true. An attacker can cause polynomial backtracking in terms of the input string...