3332 matches found
PT-2022-17604 · Shescape · Shescape
Name of the Vulnerable Software and Affected Versions: shescape versions 1.5.10 through 1.6.1. Description: The issue is related to a Regular Expression Denial of Service (ReDoS) vulnerability via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. This...
minimatch ReDoS vulnerability
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service...
CVE-2022-3517
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service...
Denial of service
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service...
CVE-2022-3517
CVE-2022-3517 corresponds to a minimatch ReDoS vulnerability in braceExpand. The issue is triggered by specific braceExpand inputs, enabling a Denial of Service with CVSS v3.1 base score 7.5 (HIGH). Connected Atlassian Jira entries describe a DoS impact in Jira Software/Data Center, Server (1...
Regular Expression Denial Of Service (ReDoS)
loader-utils is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to an insecure regular expression in the url variable of the interpolateName function in interpolateName.js. A remote attacker can cause denial of service via malicious regex...
Withdrawn Advisory: ReDoS in py library when used with subversion
Withdrawn Advisory: This advisory has been withdrawn because evidence does not suggest that CVE-2022-42969 is a valid, reproducible vulnerability. This link is maintained to preserve external references. Original Description: The py library through 1.11.0 for Python allows remote attackers to condu...
CVE-2022-42969
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...
Code injection
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...
CVE-2022-42969
CVE-2022-42969 affects the Python package py (through 1.11.0). The vulnerability allows a remote ReDoS via a crafted InfoSvnCommand argument in a Subversion repository, caused by mishandling of the info data, per connected IBM security bulletin. The description notes that this issue has been disp...
PT-2022-26687
Name of the Vulnerable Software and Affected Versions: py versions through 1.11.0. Description: The py library allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...
CVE-2022-3517
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service...