3332 matches found
PT-2021-10901 · Unknown · Leo Editor
Name of the Vulnerable Software and Affected Versions: Leo Editor version 6.2.1 Description: The issue is related to a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. This vulnerability was discovered in the Leo Editor. Recommendations: For Leo...
CentOS 8 : nodejs:12 (CESA-2021:3623)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3623 advisory. - nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930, CVE-2021-22940) - nodejs: Improper handling of untypical characters in domai...
Inefficient Regular Expression Complexity in tapjs/tap-mocha-reporter
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in tap-mocha-reporter. The ReDoS vulnerability is mainly due to the regex /^\s+|\s+$|/g and can be exploited with the following code. Proof of Concept // PoC.js var tapMochaReporter =...
nodejs:12 security and bug fix update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform f...
Inefficient Regular Expression Complexity in validatorjs/validator.js
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator. It allows causing a denial of service when calling function 'rtrim'. The ReDoS vulnerability is mainly due to the regex /\s+$/g and can be exploited with the following code. Proof of Concept ...
GHSA-RP65-9CF3-CJXR Inefficient Regular Expression Complexity in nth-check
There is a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check that causes a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified overlapping adjacency and can be...
Inefficient Regular Expression Complexity in nth-check
There is a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check that causes a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified overlapping adjacency and can be...
GHSA-HQHP-5P83-HX96 prismjs Regular Expression Denial of Service vulnerability
Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU...
prismjs Regular Expression Denial of Service vulnerability
Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU...
GHSA-VVF2-PPJ9-PP49 Inefficient Regular Expression Complexity in vuelidate
vuelidate is a simple, lightweight model-based validation for Vue.js 2.x & 3.0. A ReDoS (regular expression denial of service) flaw was found in the @vuelidate/validators package. An attacker that is able to provide crafted input to the urlinput function may cause an application to consume an...
Inefficient Regular Expression Complexity in vuelidate
vuelidate is a simple, lightweight model-based validation for Vue.js 2.x & 3.0. A ReDoS (regular expression denial of service) flaw was found in the @vuelidate/validators package. An attacker that is able to provide crafted input to the urlinput function may cause an application to consume an...
Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service when parsing invalid ANSI escape codes. Proof of Concept js import ansiRegex from 'ansi-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = "\u001B"+";".repeati10000...
CVE-2021-32839
A resource-consumption flaw was found in python-sqlparse. The formatter function that strips comments from SQL contains a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). A network attacker could craft an SQL comment containing numerous repetitions of '\r\n' th...
CVE-2021-32838
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1...
Design/Logic Flaw
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1...
PYSEC-2021-325
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1...
CVE-2021-32838 Regular Expression Denial of Service in flask-restx
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1...
CVE-2021-32838
CVE-2021-32838 : Flask-RESTX (flask-restx) before 0.5.1 is vulnerable to a Regular Expression Denial of Service (ReDoS) in email_regex. The issue is fixed in version 0.5.1. Affected: Flask-RESTX prior to 0.5.1. Impact details are limited to what the description states; no exploitation or scope be...
Inefficient Regular Expression Complexity in ampproject/amphtml
✍️ Description The amphtml package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted template as input to the expandTemplate function of core/types/string/index.js may cause an application to consume an excessive amount of CPU. Below pinned...
Inefficient Regular Expression Complexity in alvations/sacremoses
✍️ Description The sacremoses package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted text as input to the hasnumericonly function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...