Lucene search

3332 matches found

CVE
added 2021/12/16 6:15 p.m. | 49 views

CVE-2021-38244

cbioPortal

CVSS 7.5 | AI score 7.3 | EPSS 0.0118
Exploits: 1 | References: 2 | Affected Software: 1

RedHat Linux
added 2021/12/16 5:21 p.m. | 1 view

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

CVSS 7.8 | AI score 7.1 | EPSS 0.03304
Exploits: 1 | References: 5

OSV
added 2021/12/16 10:14 a.m. | 8 views

OPENSUSE-SU-2021:4104-1 Security update for python3

This update for python3 fixes the following issues:
- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request...

CVSS 7.5 | AI score 6.5 | EPSS 0.11586
Exploits: 2 | References: 11

OSV
added 2021/12/16 10:14 a.m. | 6 views

SUSE-SU-2021:4104-1 Security update for python3

This update for python3 fixes the following issues:
- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request...

CVSS 7.5 | AI score 6.5 | EPSS 0.11586
Exploits: 2 | References: 11

Tenable Nessus
added 2021/12/16 12:0 a.m. | 63 views

RHEL 8 : nodejs:16 (RHSA-2021:5171)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5171 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 | AI score 7.2 | EPSS 0.04456
Exploits: 6 | References: 17

OPENSUSE Linux
added 2021/12/16 12:0 a.m. | 56 views

Security update for python3 (moderate)

openSUSE Security Update: Security update for python3
Announcement ID: openSUSE-SU-2021:4104-1
Rating: moderate
References: 1180125 1183374 1183858 1185588 1187668 1189241 1189287
Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737
CVSS scores: CVE-2021-3426 NVD : 5.7...

CVSS 6.5 | AI score 6.7 | EPSS 0.11586
Exploits: 2 | References: 7

OSV
added 2021/12/13 4:16 p.m. | 8 views

SUSE-SU-2021:4015-1 Security update for python3

This update for python3 fixes the following issues:
- CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. (bsc#1189241)
- CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287)
- CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374)
- Rebuild to get new...

CVSS 7.5 | AI score 6.4 | EPSS 0.11586
Exploits: 2 | References: 12

Veracode
added 2021/12/13 7:30 a.m. | 9 views

Regular Expression Denial Of Service (ReDoS)

js-beautify is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to manipulate the application by inserting specifically crafted input string via the Tokenizer function, resulting in denial of service conditions...

AI score 4.1
Exploits: 0

Github Security Blog
added 2021/12/10 7:2 p.m. | 48 views

ReDOS in IS-SVG

A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string...

CVSS 7.5 | AI score 4.4 | EPSS 0.02813
Exploits: 1 | References: 7 | Affected Software: 1

Github Security Blog
added 2021/12/10 5:25 p.m. | 25 views

Improper Input Validation in is-email

is-email helps validate an email address. A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of...

CVSS 7.5 | AI score 7.1 | EPSS 0.0099
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/12/10 5:25 p.m. | 18 views

GHSA-J377-2X76-558H Improper Input Validation in is-email

is-email helps validate an email address. A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of...

CVSS 7.5 | AI score 7.4 | EPSS 0.0099
Exploits: 0 | References: 4

Tenable Nessus
added 2021/12/10 12:0 a.m. | 89 views

Oracle Linux 8 : python27:2.7 (ELSA-2021-4151)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4151 advisory.
- In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. (CVE-2020-27619)
- The packag...

CVSS 9.8 | AI score 7.7 | EPSS 0.37325
Exploits: 5 | References: 8

CNVD
added 2021/12/08 12:0 a.m. | 5 views

Unspecified vulnerability in calibre

Calibre is an open source free all-in-one eBook reading management and format conversion tool. A security vulnerability exists in calibre before 5.32.0, which stems from the inclusion of regular expressions vulnerable to ReDoS (Regular Expression Denial of Service) attacks in htmlpreprocessrules in...

CVSS 7.5 | AI score 6.6 | EPSS 0.04986
Exploits: 1 | References: 1

Github Security Blog
added 2021/12/07 10:1 p.m. | 21 views

ReDos vulnerability on guest checkout email validation

Impact: Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like a.a.. Before the patch, it can be reproduced in the console like this: ruby irbmain...

CVSS 7.5 | AI score 7.5 | EPSS 0.01403
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2021/12/07 5:25 p.m. | 11 views

CVE-2021-43805 ReDos vulnerability on guest checkout email validation

Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential...

CVSS 7.5 | AI score 7.8 | EPSS 0.01403
Exploits: 1 | References: 2

Huntr
added 2021/12/07 12:51 p.m. | 20 views

Inefficient Regular Expression Complexity in nltk/nltk

Description nltk is vulnerable to ReDoS attack because of ^-?0-9+.0-9+?$ regex. If attacker succeeds to use malicious payload against RegexpTagger used in function getpostagger and maltregextagger, it will cause a nasty DoS. Proof of Concept // PoC.py import re, time pattern =...

CVSS 5 | AI score 2.5 | EPSS 0.01502
Exploits: 1

OSV
added 2021/12/07 12:15 a.m. | 103 views

CVE-2021-44686

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in htmlpreprocessrules in ebooks/conversion/preprocess.py...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 5

NVD
added 2021/12/07 12:15 a.m. | 16 views

CVE-2021-44686

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in htmlpreprocessrules in ebooks/conversion/preprocess.py...

CVSS 7.5 | EPSS 0.04986
Exploits: 1 | References: 5

UbuntuCve
added 2021/12/07 12:15 a.m. | 24 views

CVE-2021-44686

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in htmlpreprocessrules in ebooks/conversion/preprocess.py...

CVSS 7.5 | AI score 7.1 | EPSS 0.04986
Exploits: 1 | References: 4

RubySec
added 2021/12/07 12:0 a.m. | 18 views

ReDos vulnerability on guest checkout email validation

Impact: Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like a.a.. Before the patch, it can be reproduced in the console like this: ruby irbmain...

CVSS 7.5 | AI score 1.6 | EPSS 0.01403
Exploits: 1 | References: 1 | Affected Software: 1