Regular Expression Denial Of Service (ReDoS)
steal is vulnerable to prototype pollution. The vulnerability is possible because of the use of an insecure regular expression for input in main.js, causing an application crash...
Regular Expression Denial Of Service (ReDoS)
steal is vulnerable to regular expression denial of service (ReDoS) attacks. A remote attacker is able to cause a system hang by supplying maliciously crafted input through the source or sourceWithComments variables in main.js...
Input validation
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
CVE-2022-37260 describes a Regular Expression Denial of Service (ReDoS) in the StealJS module loader, specifically in steal 2.2.4 via the input variable in main.js. The CVSS 3.1 base score is 7.5 (HIGH), with attack vector NETWORK, attack complexity LOW, and no privileges or user interaction requ...
CVE-2022-37260
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
Denial of service
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variables in main.js...
CVE-2022-37262
CVE-2022-37262 is a ReDoS flaw affecting stealjs (StealJS) 2.2.4, reported via the source and sourceWithComments variables in main.js. Connected sources (Red Hat, Veracode, GHSA, OSV, CVE listings) consistently describe a Regular Expression Denial of Service vulnerability exploitable through craf...
Oracle Linux 8 : ruby:2.7 (ELSA-2022-6447)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6447 advisory. - Fix regular Expression Denial of Service Vulnerability of Date Parsing Methods. Resolves: CVE-2021-41817 - Fix cookie prefix spoofing in...
CVE-2022-25858
A vulnerability was found in the terser package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability...
CVE-2021-3765
A vulnerability was found in the validator package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability...
RLSA-2022:6449 Moderate: nodejs:16 security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807); nodejs: DNS rebinding in --inspect via...
nodejs:16 security and bug fix update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform f...
Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Regular Expression Denial Of Service (ReDoS)
shescape is vulnerable to regular expression denial of service. The vulnerability exists in the escapeArgBash function in unix.js due to insufficient regular expression complexity in bash escaping, which allows an attacker to cause polynomial backtracking or quadratic runtime resulting an application...
CVE-2022-36064
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...
Code injection
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...
CVE-2022-36064
CVE-2022-36064 (Shescape) affects the JavaScript package Shescape. The vulnerability is an inefficient Regular Expression Complexity (ReDoS) in two RegExes used when escaping arguments for Unix shells (notably Bash/Dash) or when using escape/escapeAll with interpolation enabled. An attacker can c...
CVE-2022-36064 Shescape Inefficient Regular Expression Complexity vulnerability
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...
CVE-2022-29158
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599...
Design/Logic Flaw
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599...