CVE-2022-29158 Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599...
CVE-2022-29158
CVE-2022-29158 affects Apache OFBiz up to version 18.12.05. The issue is a Regular Expression Denial of Service (ReDoS) in how OFBiz handles URLs provided by external, unauthenticated users. Several trusted sources in the connected set corroborate this vulnerability and the remediation: upgrade t...
PT-2022-19419 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.06. Description: The issue arises from the way Apache OFBiz handles URLs provided by external, unauthenticated users, making it vulnerable to Regular Expression Denial of Service (ReDoS). Recommendations: For...
GHSA-VQC4-V8HC-H2JG Polynomial regular expression used on uncontrolled data in nitrado.js
Impact: Possible ReDoS with lib input of {{ and with many repetitions of {{|. Patches: Patched in all versions above 0.2.5. Workarounds: No known workarounds. References: OWASP: Regular expression Denial of Service - ReDoS; Wikipedia: ReDoS; Wikipedia: Time complexity; James Kirrage, Asiri Rathnayak...
Sanitize-html Vulnerable To REDoS Attacks
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in its HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in its HTML comment removal...
Design/Logic Flaw
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in its HTML comment removal...
CVE-2022-25887 Regular Expression Denial of Service (ReDoS)
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in its HTML comment removal...
CVE-2022-25887
CVE-2022-25887 affects the Node.js package Sanitize-html up to version 2.7.1, vulnerable to a Regular Expression Denial of Service (ReDoS) caused by insecure global regex replacement during HTML comment removal. The NVD entry reports a CVSS v3.1 base score of 7.5 (high impact) with network attack...
Ruby on Rails: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)
I have confirmed that ReDoS occurs on Rails::Html::PermitScrubber.scrub_attribute. https://github.com/rails/rails-html-sanitizer/blob/v1.4.3/lib/rails/html/scrubbers.rb#L134 (Ruby): def scrub_attribute(node, attr_node) attr_name = if attr_node.namespace "#{attr_node.namespace.prefix}:#{attr_node.node_name}" else...
CVE-2022-36034
nitrado.js is a type-safe wrapper for the Nitrado API. Possible ReDoS with lib input of {{ and with many repetitions of {{|. This issue has been patched in all versions above 0.2.5. There are currently no known workarounds...
CVE-2022-36034 Possible Regular Expression Denial of Service (ReDoS) used on uncontrolled data in nitrado.js
nitrado.js is a type-safe wrapper for the Nitrado API. Possible ReDoS with lib input of {{ and with many repetitions of {{|. This issue has been patched in all versions above 0.2.5. There are currently no known workarounds...
CVE-2022-36034
CVE-2022-36034 concerns nitrado.js, a type-safe wrapper for the Nitrado API. The vulnerability is a Regular Expression Denial of Service (ReDoS) caused by polynomial/complex regex handling on uncontrolled input (notably patterns like {{ and repeated {{|). Impact, per multiple sources, is High (CV...
Regular Expression Denial Of Service (ReDoS)
uri-template-lite is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the expandRe attribute in index.js, allowing an attacker to crash the application by providing a malicious input through the URI.expand method...
GHSA-CHW2-6C7R-37P7 uri-template-lite Regular Expression Denial of Service
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method...
CVE-2021-43309
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method...