3332 matches found
GHSA-29MW-WPGM-HMR9 Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: js var lo = require'lodash'; function buildblankn var ret = "1" for var i = 0; i n; i++ r...
Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: js var lo = require'lodash'; function buildblankn var ret = "1" for var i = 0; i n; i++ r...
ReDOS in Vfsjfilechooser2
A Regular Expression Denial of Service ReDOS vulnerability was discovered in Vfsjfilechooser2 which occurs when the application attempts to validate crafted URIs...
GHSA-C7FH-CHF7-JR5X ReDOS in Vfsjfilechooser2
A Regular Expression Denial of Service ReDOS vulnerability was discovered in Vfsjfilechooser2 which occurs when the application attempts to validate crafted URIs...
EulerOS Virtualization 3.0.2.6 : python-pillow (EulerOS-SA-2021-2893)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb...
EulerOS Virtualization 3.0.2.6 : python-jinja2 (EulerOS-SA-2021-2877)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre...
Regular Expression Denial Of Service (ReDoS)
nltk is vulnerable to regular expression denial of service. The vulnerability exists due to the inefficient regex pattern used in maltregextagger function of malt.py and getpostagger function of glue.py, allowing an attacker to cause an application crash by providing malicious payload against...
CVE-2021-40110 Apache James IMAP vulnerable to a ReDoS
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of...
DEBIAN-CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Design/Logic Flaw
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
CVE-2021-41817
CVE-2021-41817 is a Ruby-related ReDoS in Date parsing. The vulnerability affects Ruby’s date parsing pathways (notably date parsing methods) up to versions around 3.2.0, enabling denial-of-service via crafted date strings. The fixed releases cited in the sources are 3.2.1, 3.1.2, 3.0.2, and 2.0....
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2877)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated calibre packages fix security vulnerability
ReDoS vulnerability in htmlpreprocessrules in ebooks/conversion/preprocess.py...
MGASA-2021-0593 Updated calibre packages fix security vulnerability
ReDoS vulnerability in htmlpreprocessrules in ebooks/conversion/preprocess.py...