3332 matches found
CVE-2021-40892
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgba strings...
CVE-2021-40892
CVE-2021-40892 affects validate-color version 2.1.0. A Regular Expression Denial of Service (ReDoS) occurs when handling crafted invalid rgb(a) strings, attributed to the validateHTMLColorRgb pathway. Impact described as denial of service; no explicit exploit details beyond input crafting. No con...
PT-2022-11322 · Unknown · Underscore-99Xp
Name of the Vulnerable Software and Affected Versions: underscore-99xp version 1.7.2. Description: A Regular Expression Denial of Service (ReDoS) issue was found when the deepValueSearch function is called. Recommendations: For underscore-99xp version 1.7.2, consider disabling the deepValueSearch...
EulerOS 2.0 SP8 : ruby (EulerOS-SA-2022-1951)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2....
Nextcloud: @nextcloud/logger NPM package brings vulnerable ansi-regex version
Summary: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns \;? and ?:;-a-zA-Z\d\/&.:=?%@. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate...
Regular Expression Denial Of Service (ReDoS)
python-ldap is vulnerable to regular expression denial of service. The vulnerability exists in tokenizer.py due to insufficient regular expression in the schema tokenizer which allows an attacker to send a crafted regex input causing an application crash...
CVE-2021-46823
CVE-2021-46823 affects python-ldap prior to 3.4.0. The vulnerability is a ReDoS in the LDAP schema parser when ldap.schema processes untrusted definitions, enabling a remote authenticated attacker to cause a denial of service. Public references in the provided documents consistently tie this to p...
GHSA-38J3-6FM8-PFGC Regular expression denial of service in Delight Nashorn Sandbox
An issue was discovered in Delight Nashorn Sandbox. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack...
Regular expression denial of service in Delight Nashorn Sandbox
An issue was discovered in Delight Nashorn Sandbox. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack...
CVE-2021-21252
A flaw was found in jQuery-validate. There is an issue where it contains one or more regular expressions vulnerable to a Regular Expression Denial of Service (ReDoS)...
CVE-2021-40660
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack...
Code injection
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack...
CVE-2021-40660
The CVE-2021-40660 issue affects Delight Nashorn Sandbox 0.2.0. Several connected sources (CNVD/CNNVD, OSV, Red Hat, GHSA) describe a ReDoS-type vulnerability in the sandbox’s regular-expression handling that can be exploited to trigger a denial-of-service condition. The root cause is identified ...
PT-2022-11294 · Unknown · Delight Nashorn Sandbox
Name of the Vulnerable Software and Affected Versions: Delight Nashorn Sandbox version 0.2.0. Description: An issue was discovered in Delight Nashorn Sandbox, which has a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack. Recommendations: For Delight Nashorn Sandbo...
Exploit for Uncontrolled Resource Consumption in Axios
Axios Regular Expression Denial Of Service Attack This repo h...
Amazon Linux AMI : python27 (ALAS-2022-1593)
The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...
npm Devcert Denial of Service Vulnerability
Devcert is a package for SSL development from npm, Inc. A denial of service vulnerability exists in versions prior to Devcert 1.2.1, which stems from triggering an exponential ReDoS (regular expression denial of service) in the Devcert package. An attacker could exploit this vulnerability to cause ...
Medium: python27
Issue Overview: In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. Wh...