3332 matches found
CVE-2021-43854 Inefficient Regular Expression Complexity in nltk
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
CVE-2021-43854
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
PT-2021-24242 · Unknown · Cve-Search
Name of the Vulnerable Software and Affected Versions: cve-search versions prior to 4.1.0. Description: The issue in cve-search allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. This occurs in the lib/DatabaseLayer.py file...
Inefficient Regular Expression Complexity in idank/explainshell
Description: In the latest version of explainshell (ebc5e9f2) I discovered a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). Proof of Concept: PoC based on code in explainshell/options.py. Python: import logging import re if __name__ == "__main__":...
Inefficient Regular Expression Complexity in python/cpython
Description: In a recent cpython version (31ff9671) I discovered a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The vulnerability exists in the EntryPoint class, which is used to parse package/module entry-points. Proof of Concept: Simplified PoC based on __init__.py. Python...
CVE-2021-43843
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements int...
CVE-2021-43843
CVE-2021-43843 concerns the jsx-slack package, where the patch for CVE-2021-43838 in v4.5.1 failed to fully protect against a ReDoS caused by multibyte characters in a blockquote. The issue affects jsx-slack’s internal escaping regex, potentially increasing resource usage when many JSX elements a...
Ubuntu 18.04 LTS : Python vulnerabilities (USN-5199-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5199-1 advisory. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially...
Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack v4.5.1 and earlier versions are vulnerable to a regular expression denial-of-service (ReDoS) attack. Impact: If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. javascript /...
GHSA-55XV-F85C-248Q Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack v4.5.1 and earlier versions are vulnerable to a regular expression denial-of-service (ReDoS) attack. Impact: If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. javascript /...
CVE-2021-43838
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping character...
CVE-2021-43838
The vulnerability CVE-2021-43838 affects the jsx-slack package (<= version 4.5.1). An internal regular expression used to escape blockquote content can suffer catastrophic backtracking when encountering multibyte characters inside a <blockquote>, potentially allowing a ReDoS-type resource exhaustion. Conn...
CVE-2021-43838 Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping character...
USN-5200-1 python3.7, python3.8 vulnerabilities
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2020-8492) It was...
USN-5199-1: Python vulnerabilities
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733) It w...
SUSE: Security Advisory (SUSE-SU-2021:4104-1)
The remote host is missing an update for the...
CVE-2021-38244
A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json...
Denial of service
A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json...