CVE-2022-29169 ReDoS on endpoint html5client/useragent in BigBlueButton
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using a specific regular expression, an attacker can cause denial of service for the bbb-html5...
CVE-2022-1929 Exponential ReDoS in devcert
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
CVE-2022-1929
CVE-2022-1929 affects the npm package devcert. Affected component: the certificateFor function and the underlying regex patterns for VALID_IP/VALID_DOMAIN, leading to an exponential ReDoS (Denial of Service) when attacker-controlled input is provided. Public sources describe a denial of service a...
CVE-2021-43308 Exponential ReDoS in markdown-link-extractor
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...
CVE-2021-43308
CVE-2021-43308 affects the npm package markdown-link-extractor. The vulnerability is an exponential ReDoS that can be triggered by attacker-supplied input to the module's exported function, with specifics citing an insecure regex pattern used for the image parameter. Public details describe a Do...
CVE-2021-43307
CVE-2021-43307 is a Denial of Service vulnerability in the semver-regex npm package that can be triggered by arbitrary input to the test() method, causing an exponential ReDoS. Public sources (CNVD-2022-76985) indicate DoS affects semver-regex versions prior to 3.1.4 and 4.0.0–4.0.2; patch versio...
CVE-2021-43307 Exponential ReDoS in semver-regex
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
CVE-2021-43306
The CVE-2021-43306 entry concerns the jQuery Validation Plugin (jquery-validation). The vulnerability is a Regular Expression Denial of Service (ReDoS) triggered when an attacker can supply arbitrary input to the url2 method, due to an incomplete fix for CVE-2021-43306. Affected versions are thos...
CVE-2021-43306
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
Regular Expression Denial Of Service (ReDoS)
org.apache.tika:tika is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to cause denial of service conditions for the users who are running the StandardsExtractingContentHandler, due to an insecure regular expression usage in the StandardsText class by backtracking...
Apache Tika Denial of Service Vulnerability (CNVD-2022-73263)
Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI, an open source library that uses Java programs to provide read and write functionality for Microsoft Office format documents; Pdfbox, a pure Java class library for reading and creating PDF...
PT-2022-11820 · Npm · Markdown-Link-Extractor
Name of the Vulnerable Software and Affected Versions: markdown-link-extractor npm package (affected versions not specified). Description: The issue is related to an exponential ReDoS (Regular Expression Denial of Service) that can be triggered when an attacker supplies arbitrary input to the module's...
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Regular Expression Denial Of Service (ReDoS)
rack is vulnerable to regular expression denial of service. The vulnerability exists because the BROKEN_QUOTED and BROKEN_UNQUOTED constants in the Multipart module of multipart.rb do not properly restrict the broken MIME parser, allowing an attacker to crash the application by providing malicio...
GHSA-C9GM-7RFJ-8W5H Duplicate Advisory: ReDoS via crafted JSON input in GJSON
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references. Original Description: GJSON <= 1.9.2 allows attackers to cause a ReDoS via crafted JSON input...
GHSA-JV4C-7JQQ-M34X CKEditor 4 ReDoS Vulnerability
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
Istio ReDoS Vulnerability
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API...