Regular Expression Denial Of Service (ReDoS)
nth-check is vulnerable to regular expression denial of service. The vulnerability exists due to inefficient regular expression complexity in parse.ts, which may crash the system when parsing a malicious string...
Regular Expression Denial Of Service (ReDoS)
code-server is vulnerable to regular expression denial of service. An attacker is able to send a malicious string that requires extensive processing by the regex engine, leading to an application crash...
Inefficient Regular Expression Complexity in nltk/nltk
✍️ Description The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide input to the readcomparisonblock function in the file "nltk/corpus/reader/comparativesents.py" may cause an application to consume an excessive amount of CPU. Belo...
Inefficient Regular Expression Complexity in validatorjs/validator.js
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator. It allows causing a denial of service when validating crafted invalid MagnetURIs. The ReDoS vulnerability is mainly due to the sub-pattern .+&tr=.+ with quantified overlapping adjacency and c...
Inefficient Regular Expression Complexity in isaacs/minimatch
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in minimatch. It allows causing a denial of service when calling the function braceExpand. The ReDoS vulnerability is mainly due to the regex /./ and can be exploited with the following code. Proof of Concept...
Inefficient Regular Expression Complexity in chocobozzz/peertube
Description Hello again, dear PeerTube team. I found an inefficient regular expression that has polynomial execution time and can lead to ReDoS attacks; it is better to replace it with another regex or to use the Google RE2 regex engine for server-side code. Proof of Concept I create two...
Regular Expression Denial Of Service (ReDoS)
prism is vulnerable to regular expression denial of service. An attacker is able to send a malicious input string, leading to intensive CPU usage and an application crash...
Inefficient Regular Expression Complexity in fb55/nth-check
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check. It allows causing a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified...
EulerOS 2.0 SP2 : python-pygments (EulerOS-SA-2021-2441)
According to the versions of the python-pygments package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regula...
Inefficient Regular Expression Complexity in prismjs/prism
✍️ Description The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. 🕵️♂️ Proof of Concept...
Inefficient Regular Expression Complexity in cdr/code-server
✍️ Description The code-server package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the ansiRegex functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS i...
Inefficient Regular Expression Complexity in jaywcjlove/colors-cli
✍️ Description The colors-cli package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the ansi-regex functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS i...
Inefficient Regular Expression Complexity in terkelg/prompts
✍️ Description The prompts package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the strip functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS is...
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Impact The formatter function that strips comments from SQL contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Patches The...
GHSA-3Q6G-VF58-7M4G Regular Expression Denial of Service in flask-restx
Flask RESTX contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service in emailregex...
ROS-2-1408
2.1408 Denial of Service in libX11 (CVE-2021-31535) 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service (DoS) attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-581
2.581 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1292
2.1292 Denial of Service in libX11 (CVE-2021-31535) 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service (DoS) attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
CVE-2021-23437
A flaw was found in python-pillow, where a Regular Expression Denial of Service (ReDoS) via the getrgb function occurs. The highest threat from this vulnerability is to system availability...