3332 matches found
GHSA-QCVW-82HH-GQ38 Istio ReDoS Vulnerability
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API...
CVE-2021-42248
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42836. Reason: This candidate is a duplicate of CVE-2021-42836. Notes: All CVE users should reference CVE-2021-42836 instead of this candidate...
Input validation
GJSON = 1.9.2 allows attackers to cause a ReDoS via crafted JSON input...
Regular Expression Denial Of Service (ReDoS)
urlregex is vulnerable to regular expression denial of service. The vulnerability exists due to a lack of sanitization which allows an attacker to cause an application crash via CPU usage...
Regular expression denial of service in url_regex
All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash...
GHSA-HG3W-7HJ9-M3F7 Regular expression denial of service in url_regex
All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
CVE-2022-21195
CVE-2022-21195 concerns the Python package url_regex (url-regex); all versions are reported as vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in regex matching. Exploitation would cause high CPU usage, potentially crashing affected applications. Public...
Regular Expression Denial Of Service (ReDoS)
org.apache.shenyu:shenyu-plugin-base is vulnerable to regular expression denial of service (ReDoS) attacks. Both conditionData and realData parameters in judge function in RegexPredicateJudge.java are user controlled entities. A remote attacker is able to cause resource exhaustion by passing...
Oracle Linux 8 : python38:3.8 / and / python38-devel:3.8 (ELSA-2022-1764)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1764 advisory. - Fix for CVE-2021-3733 and CVE-2021-3737 Resolves: rhbz1995234, rhbz1995162 python3x-pip Tenable has extracted the preceding description block directl...
GHSA-CQF7-FF9H-7967 Django ReDoS in validators.URLValidator
validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors...
AlmaLinux 8 : python38:3.8 and python38-devel:3.8 (ALSA-2022:1764)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1764 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733) python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass...
CVE-2021-27292
A regular expression denial of service (ReDoS) vulnerability was found in the npm library ua-parser-js. If a supplied user agent matches the Noble string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces...
EulerOS Virtualization 3.0.2.0 : ruby (EulerOS-SA-2022-1676)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV...
CVE-2022-21680
A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability...
CVE-2022-21681
A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability...
Regular Expression Denial Of Service (ReDoS)
hawk is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to increase the computational time exponentially by adding a huge number of characters through Hawk.utils.parseHost function to slow down and cause denial of service conditions in the application...
CVE-2022-29167
A regular expression denial of service (ReDoS) was found in Hawk in its header parsing functionality. The issue arises from inadequate input validation in the Hawk.utils.parseHost function when processing untrusted input with regular expressions. This flaw allows an attacker to send a specially...
CVE-2022-29167 ReDoS vulnerability in header parsing in hawk
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to regular expression denial of service. An attacker can crash the application by providing a very high value of custom locale rule through the posPre attribute in the parsePattern function of parser.js...