3332 matches found
Regular Expression Denial Of Service (ReDoS)
jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in addMethod in url2.js due to insufficient regular expression complexity which allows an attacker to cause a ReDoS...
Regular Expression Denial Of Service (ReDoS)
devcert is vulnerable to regular expression denial of service. An attacker can crash the application by providing a malicious input to the certificateFor function of index.ts due to the insecure regex pattern used for VALIDIP and VALIDDOMAIN parameters...
Regular expression denial of service in devcert
An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
Regular expression denial of service in semver-regex
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
GHSA-MMH6-M7V9-5956 Regular expression denial of service in markdown-link-extractor
An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...
CVE-2022-1929
An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
CVE-2022-1929
An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
CVE-2021-43308
An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...
CVE-2021-43307
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
CVE-2021-43306
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
CVE-2021-43306
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
Design/Logic Flaw
An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
Input validation
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
Input validation
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
Design/Logic Flaw
An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...
UBUNTU-CVE-2021-43306
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
npm jquery-validation 安全漏洞
npm jquery-validation is a form insertion validation application provided by npm, Inc. npm jquery-validation version 1.19.3 contains a denial of service vulnerability, which stems from the fact that an attacker who is able to provide arbitrary input to the url2 method can trigger a denial of...
Design/Logic Flaw
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service ReDoS attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5...
CVE-2022-29169 ReDoS on endpoint html5client/useragent in BigBlueButton
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service ReDoS attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5...
CVE-2022-29169
BigBlueButton is vulnerable to a ReDoS in the bbb-html5 service due to the useragent lookup path. Affected software: BigBlueButton versions starting with 2.2 and before 2.3.19, 2.4.7, and 2.5.0-beta.2. Root cause: the useragent.lookup() function uses regex-based input handling in html5client/user...