Design/Logic Flaw
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method...
CVE-2021-43309 ReDoS in uri-template-lite URI.expand function
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method...
uri-template-lite security vulnerability
uri-template-lite is an open source LiteJS package for URI template (RFC 6570) expansion and extraction. uri-template-lite has a security vulnerability that can trigger an exponential ReDoS in the uri-template-lite package when an attacker is able to provide arbitrary input to the URI.expand method...
Regular Expression Denial Of Service (ReDoS)
eth-account is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the TYPE_REGEX attribute in the validatetypesattribute function of validation.py, allowing an attacker to crash the application by providing a malicious input...
CVE-2022-1930
CVE-2022-1930 – ReDoS in eth-account encode_structured_data. Affected software: eth-account Python package. Vulnerable component: encode_structured_data function, with root cause linked to the insecure regex pattern used for TYPE_REGEX in validation.py, enabling exponential Regular Expression Deni...
eth_account security vulnerability
eth_account is an Ethereum account generator. A security vulnerability exists in versions of eth_account prior to 0.5.9, which can be exploited by an attacker to trigger an exponential ReDoS in the eth-account PyPI package when providing arbitrary input to the encode_structured_data method...
PT-2022-4437 · Pypi · Eth-Account
Name of the Vulnerable Software and Affected Versions: eth-account (affected versions not specified). Description: The issue is related to an exponential ReDoS (Regular Expression Denial of Service) that can be triggered in the eth-account PyPI package. This occurs when an attacker is able to supply...
Regular Expression Denial Of Service (ReDoS)
schroot is vulnerable to regular expression denial of service. The vulnerability exists in isvalidsessionname in sbuild-util.cc because it doesn't properly limit the allowed characters in schroot names, which allows an attacker to perform a ReDoS attack...
AlmaLinux 8 : ruby:2.5 (5779) (ALSA-2022:5779)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5779 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817). ruby: Cookie prefix spoofing in CGI::Cookie.parse...
Oracle Linux 8 : ruby:2.5 (ELSA-2022-5779)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5779 advisory. - Fix by adding length limit option for methods that parse date strings. Resolves: CVE-2021-41817. Tenable has extracted the preceding description bloc...
CVE-2022-25758
A flaw was found in the scss-tokenizer package. Affected versions of this package are vulnerable to regular expression denial of service (ReDoS) attacks...
Regular Expression Denial Of Service (ReDoS)
Node-fetch is vulnerable to denial of service. The vulnerability lies in the referrer field in the fetch function, leading to inefficient Regular Expression Complexity. If an attacker is able to use a large character string in the referrer field, the program will either hang or crash...
node-fetch Inefficient Regular Expression Complexity
node-fetch is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the isOriginPotentiallyTrustworthy function in referrer.js, when processing a URL string with alternating letters and periods,...
OESA-2022-1792 python-ldap security update
python-ldap provides an object-oriented API for working with LDAP within Python programs. It allows access to LDAP directory servers by wrapping the OpenLDAP 2.x libraries, and contains modules for other LDAP-related tasks including processing LDIF, LDAPURLs, LDAPv3 schema, etc. Security Fixes:...
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1. This vulnerability is separate from GHSA-ww39-953v-wcq6...
Terser insecure use of regular expressions leads to ReDoS
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions...
DEBIAN-CVE-2022-25858
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions...
CVE-2022-25858
CVE-2022-25858 affects terser: versions 4.8.1 and later (and 5.x from 5.0.0 up to before 5.14.2) are vulnerable to ReDoS due to insecure regex usage during minification. Impact can be a Denial of Service via crafted inputs. Mitigation: upgrade terser to 4.8.1+ or to 5.14.2+ (i.e., the fixed relea...
Regular Expression Denial Of Service (ReDoS)
jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in the url parse function in src/core.js; due to insufficient regular expression complexity checks, an attacker can cause a ReDoS when supplying input to the url parse function. This CVE exists du...
RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5555 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to...