3332 matches found
EulerOS 2.0 SP9 : python3 (EulerOS-SA-2022-1033)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)
An update is now available for OpenShift Logging 5.2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.3.3)
An update is now available for OpenShift Logging 5.3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to regular expression denial of service. An attacker is able to induce the system into backtracking by injecting a maliciously crafted string via a variable inline.reflink search...
Inefficient Regular Expression Complexity in parallax/jspdf
Description: The jspdf package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the setZoomMode functionality may cause an application to consume an excessive amount of CPU. Proof of Concept: // PoC.js var jsPDF = require("jspdf").jsPDF...
CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
DEBIAN-CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21680 Cubic catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21680
CVE-2022-21680 affects the Node.js Marked markdown parser. Prior to 4.0.10, regex block.def can cause catastrophic backtracking leading to ReDoS when processing untrusted markdown; patch is 4.0.10. Workarounds include running Marked in a worker thread with a reasonable time limit or avoiding untr...
Regular Expression Denial Of Service (ReDoS)
h2o is vulnerable to regular expression denial of service. The use of an inefficient regular expression allows an attacker to provide a malicious input string, causing extreme use of the regex engine and crashing the application...
PT-2022-7078 · Marked +1
Name of the Vulnerable Software and Affected Versions: Marked versions prior to 4.0.10. Description: The issue is related to the regular expression block.def, which may cause catastrophic backtracking against some strings, leading to a regular expression denial of service (ReDoS). This can affect...
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
...
Ruby: URI parser's RFC3986 regular expression has poor performance when there are two # characters, leading to ReDoS
A vulnerability was found in the URI parser's RFC3986 regular expression. It has poor performance when parsing URLs with two # characters, leading to denial of service through resource exhaustion...
NLTK Vulnerable to REDoS
NLTK is vulnerable to REDoS in some RegexpTaggers used in the functions getpostagger and maltregextagger...
GHSA-Q674-XM3X-2926 Uncontrolled Resource Consumption in parse-link-header
The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function...
Regular Expression Denial of Service (ReDoS) in braces
A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1...
GHSA-CWFW-4GQ5-MRQX Regular Expression Denial of Service (ReDoS) in braces
A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1...