3332 matches found
CVE-2022-31147
The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
Input validation
The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
CVE-2022-31147
The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
UBUNTU-CVE-2022-31147
The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
CVE-2022-31147 jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306
The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
CVE-2022-31147
The vulnerability CVE-2022-31147 affects the jquery-validation plugin (npm/package jquery-validation). Versions prior to 1.19.5 are vulnerable to a Regular Expression Denial of Service (ReDoS) in the url2 method, due to an incomplete fix for CVE-2021-43306. Impact is a potential DoS; no exploit d...
CVE-2022-31147 jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306
The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
nodejs-trim-newlines: ReDoS in .end() method
A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...
Regular Expression Denial Of Service (ReDoS)
tapestry-http is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the PATTERN attribute in the ContentType function of ContentType.java, allowing an attacker to cause an application crash through the maliciously crafted conten...
jquery-validation 安全漏洞
npm jquery-validation is npm's way of providing plug-in validation for your existing forms while making it easy to customize them to fit your application. A security vulnerability exists in jquery-validation versions prior to 1.19.5, which stems from a ReDoS that can be triggered in the...
CVE-2022-31781
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service ReDoS in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...
Input validation
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service ReDoS in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...
CVE-2022-31781
CVE-2022-31781 affects Apache Tapestry up to version 5.8.1. It is a Regular Expression Denial of Service (ReDoS) vulnerability in how the ContentType class handles Content Types, where crafted inputs may cause catastrophic backtracking and exponential-time processing. The issue is triggered only ...
CVE-2022-31781 Regular Expression Denial of Service (ReDoS) in ContentType.java. (GHSL-2022-022)
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service ReDoS in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...
Regular Expression Denial Of Service (ReDoS)
py3-mistune is vulnerable to regular expression denial of service. An attacker is able crash the system by injecting a maliciously crafted string into ASTERISKEMPHASIS...
CVE-2022-31129
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
GHSA-WC69-RHJR-HC9G Moment.js vulnerable to Inefficient Regular Expression Complexity
Impact using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has quadratic N^2 complexity on specific inputs noticeable slowdown is observed with inputs above 10k characters users who pass user-provided strings without sanity length checks to moment...
Moment.js vulnerable to Inefficient Regular Expression Complexity
Impact using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has quadratic N^2 complexity on specific inputs noticeable slowdown is observed with inputs above 10k characters users who pass user-provided strings without sanity length checks to moment...
Internet Bug Bounty: Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing
ReDoS in Rack::Multipart::BROKENQUOTED and Rack::Multipart::BROKENUNQUOTED. https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service...
Regular Expression Denial Of Service (ReDoS)
scss-tokenizer is vulnerable to regular expression denial of service. The vulnerability exists in the loadAnnotation function of previous-map.js due to the insecure regex pattern used in the match attribute, allowing an attacker to crash the application by providing malicious input...