3332 matches found
CVE-2021-41186
CVE-2021-41186 concerns a ReDoS in Fluentd’s parser_apache2 plugin (versions 0.14.14–1.14.1). The issue causes excessive CPU time when processing certain broken Apache log patterns, leading to potential DoS. A fix is available in Fluentd 1.14.2. If upgrading is not feasible, workarounds include: ...
CLSA-2021-1635430087 Fix CVE(s): CVE-2021-3737, CVE-2021-3733
SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-3737-.patch: Fix http client infinite line reading DoS after a HTTP 100 continue in Lib/http/client.py, Lib/test/test_httplib.py. - CVE-2021-3737 SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-3733.patch: fix a ReDoS in...
Regular Expression Denial Of Service (ReDoS)
vuelidate is vulnerable to regular expression denial of service attacks. The vulnerability exists because the url input in 'url.js' is not properly validated. A malicious attacker is able to provide a crafted input which causes an excessive CPU memory consumption...
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2021:3524-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3524-1 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python3 Multiple Vulnerabilities (NS-SA-2021-0147)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python3 packages installed that are affected by multiple vulnerabilities: - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occur...
SUSE-SU-2021:3524-1 Security update for python
This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in urllib.request. bsc1189287...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2609)
The remote host is missing an update for the Huawei EulerOS...
GHSA-PPJ4-34RQ-V8J9 github.com/tidwall/gjson Vulnerable to REDoS attack
GJSON is a Go package that provides a fast and simple way to get values from a JSON document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
github.com/tidwall/gjson Vulnerable to REDoS attack
GJSON is a Go package that provides a fast and simple way to get values from a JSON document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
PT-2021-23565 · Gjson · Gjson
Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.9.3. Description: The issue allows attackers to cause a ReDoS regular...
EulerOS 2.0 SP3 : python-jinja2 (EulerOS-SA-2021-2609)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator an...
CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
Design/Logic Flaw
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
CVE-2021-42836
CVE-2021-42836 affects the GJSON library. The vulnerability is a ReDoS (regular expression denial of service) in GJSON before 1.9.3, triggered by crafted JSON input. The provided documents confirm the issue and reference the upstream fix path: upgrading from 1.9.2 to 1.9.3 or later. No exploit de...
CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
Ruby: RDoc::MethodAttr is vulnerable to Regular Expression Denial of Service (ReDoS)
Vulnerability description not provided...
GJSON Resource Management Error Vulnerability
Tidwall GJSON is a Go-based code library, by the individual developers at Tidwall, for interacting with data in JSON format. A security vulnerability exists in GJSON before 1.9.3 that allows ReDoS (regular expression denial of service) attacks...
PT-2021-23690 · Gjson +1 · Gjson +1
Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.9.3. Description: The issue allows a ReDoS (regular expression denial of service) attack. GJSON is a Go package that provides a fast and simple way to get values from a JSON document. A maliciously crafted path can caus...
SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2021:3477-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3477-1 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP...