3332 matches found
CVE-2022-21222
A vulnerability was found in the css-what package. The flaw allows Regular Expression Denial of Service (ReDoS) attacks, affecting system availability...
CVE-2022-21222
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
CVE-2022-21222
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
DEBIAN-CVE-2022-21222
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
Design/Logic Flaw
The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the parser of Colors.js...
CVE-2022-21222
CVE-2022-21222 affects the Node.js package css-what prior to version 2.1.3. The vulnerability stems from an insecure regular expression in the re_attr variable of index.js, enabling Regular Expression Denial of Service (ReDoS) via the parse function. Affected users should upgrade to 2.1.3 or newe...
CVE-2022-21222 Regular Expression Denial of Service (ReDoS)
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
CVE-2022-24373
React Native Reanimated is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the Colors.js parser. Affected versions are prior to 3.0.0-rc.1 (and, per multiple sources, prior to 2.10.0 as well). The root cause is the Colors.js parser’s reg...
CVE-2022-24373 Regular Expression Denial of Service (ReDoS)
The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the parser of Colors.js...
PT-2022-14933 · Css-What +2
Name of the Vulnerable Software and Affected Versions: css-what versions prior to 2.1.3
Description: The issue is related to a Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. This could be triggered via the parse...
d3-color vulnerable to ReDoS
The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds...
ReDoS issue in dparse
Impact: dparse versions prior to 0.5.1 contain a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). All users parsing index server URLs with dparse are impacted by this vulnerability. Patches: The patch is applied in the 0.5.2 version, all users are recommended to...
GHSA-8FG9-P83M-X5PQ ReDoS issue in dparse
Impact: dparse versions prior to 0.5.1 contain a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). All users parsing index server URLs with dparse are impacted by this vulnerability. Patches: The patch is applied in the 0.5.2 version, all users are recommended to...
Nextcloud: [nextcloud/server] Moment.js vulnerable to Inefficient Regular Expression Complexity
Describe the bugs: 🐛 moment is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822 function in from-string.js, when processing a...
CVE-2022-40023
A vulnerability was found in the mako package. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks, affecting system availability...
Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2022-6595)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6595 advisory. - Rebase to version 16.16.0 Resolves: RHBZ2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Tenable has extracted the...
steal Inefficient Regular Expression Complexity vulnerability via string variable
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js...
CVE-2022-37259
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js...
CVE-2022-37259
CVE-2022-37259 affects stealjs/steal version 2.2.4. The root cause is a Regular Expression Denial of Service (ReDoS) flaw exposed via a string variable in babel.js. The CVSS metrics indicate Network attack vector, low attack complexity, no privileges or user interaction, with availability impact ...
ALSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...