3332 matches found
Regular Expression Denial Of Service (ReDoS)
prompts is vulnerable to regular expression denial of service. The use of an inefficient regex pattern for strip allows an attacker to input a malicious string, leading to an application crash...
Regular Expression Denial Of Service (ReDoS)
uglify-js is vulnerable to regular expression denial of service (ReDoS). The inefficient regex pattern used in stringtemplate function in utils.js allows an attacker to input a malicious string, leading to an application crash...
Inefficient Regular Expression Complexity in handsontable
The package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function...
in youzan/vant
Description: The @vant/cli package is vulnerable to Regular Expression Denial of Service (ReDoS). An attacker that is able to provide a crafted string as the input to the decamelize function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...
Regular Expression Denial Of Service (ReDoS)
handsontable is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability to crash the system by sending an empty string to the Handsontable.helper.isNumeric function...
Regular Expression Denial of Service in jsoneditor
JSON Editor is a web-based tool to view, edit, format, and validate JSON. It has various modes such as a tree editor, a code editor, and a plain text editor. The jsoneditor package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted element a...
CVE-2021-23446
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function...
NLTK Vulnerable to REDoS
The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide as an input to the readcomparisonblock (https://github.com/nltk/nltk/blob/23f4b1c4b4006b0cb3ec278e801029557cec4e82/nltk/corpus/reader/comparativesents.py#L259) function in the file...
CVE-2021-23446 Regular Expression Denial of Service (ReDoS)
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function...
CVE-2021-23446
CVE-2021-23446 affects Handsontable (a JavaScript data grid) where the vulnerability is a Regular Expression Denial of Service (ReDoS) in the function Handsontable.helper.isNumeric. Affected versions are Handsontable
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2538)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2562)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2516)
The remote host is missing an update for the Huawei EulerOS...
nodejs:14 security and bug fix update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform f...
ALSA-2021:3666 Important: nodejs:14 security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930); nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)...
EulerOS 2.0 SP9 : python-jinja2 (EulerOS-SA-2021-2562)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator an...
EulerOS 2.0 SP9 : python-jinja2 (EulerOS-SA-2021-2538)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator an...
EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2564)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of...
PT-2021-22014 · Pypi +3 · Nltk +3
Name of the Vulnerable Software and Affected Versions: nltk (affected versions not specified). Description: The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide input to the checkComparisonBlock function, specifically the read comparison...
CentOS 8 : nodejs:14 (CESA-2021:3666)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3666 advisory. - nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930, CVE-2021-22940) - nodejs: Improper handling of untypical characters in domai...