CVE-2021-23425

A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service ReDoS via string processing. The highest threat from this vulnerability is to system availability...

Spoofing

All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service ReDoS via string processing...

CVE-2021-23425

CVE-2021-23425 affects the nodejs-trim-off-newlines package; all versions of trim-off-newlines are vulnerable to ReDoS via string processing. The issue is confirmed in multiple sources (NVD entry and Red Hat advisory RHSA-2022:4711) with an overall Medium impact (CVSS v3.1 base score 5.3; Availab...

CVE-2021-33580

User controlled request.getHeader"Referer", request.getRequestURL and request.getQueryString are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...

CVE-2021-33580

User controlled request.getHeader"Referer", request.getRequestURL and request.getQueryString are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...

Code injection

User controlled request.getHeader"Referer", request.getRequestURL and request.getQueryString are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...

CVE-2021-33580

Apache Roller suffers a vulnerability where user-controlled inputs from Referer, Request URL, and QueryString are used to build and execute a regex, enabling regular-expression DoS (ReDoS) via catastrophic backtracking on the server. Impact described as availability issues; fixed in Roller 6.0.2....

openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:1113-1)

"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1113-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...

Regular Expression Denial of Service in path-parse

Overview Affected versions of path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity. Recommendation Upgrade to version 1.0.7 or later References - CVE - GitH...

Regular Expression Denial of Service in path-parse

Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

ReDOS in Mpmath

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...

GHSA-F865-M6CQ-J9VX ReDOS in Mpmath

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...

Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)

Summary App Connect Enterprise Certified Container may be vulnerable to a ReDoS regular expression denial of service flaw when processing URLs due to vulnerability CVE-2021-33502 Vulnerability Details CVEID: CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of...

GitLab: ReDoS in syntax highlighting due to Rouge

Summary Gitlab is using the ruby gem "rouge" which has a ReDoS vulnerability. In rouge, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have cubic worst-case complexity and are vulnerable to Regular Expression Denial of Service...

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Regular Expression Denial Of Service (ReDoS)

glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an incorrect regex implementation on the enclosure variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469...

Inefficient Regular Expression Complexity in erxes/erxes

✍️ Description If we want to use Regex in our match or search or replace or … functions, we must be sanitize this function's inputs. if an attacker capable to inject any Regex or abuse the exponential Regexes that used in our codes, then the ReDoS vulnerability appear and according to "freezing th...

Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)

Find regexes which are vulnerable to Regular Expression Denial of Service ReDoS. More info onthe Doyensec blog Many default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input...

openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:1061-1)

"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1061-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...

Inefficient Regular Expression Complexity in cronvel/string-kit

✍️ Description A ReDoS regular expression denial of service flaw was found in the string-kit package. An attacker that is able to provide crafted input to the naturalSort function may cause an application to consume an excessive amount of CPU. 🕵️‍♂️ Proof of Concept Create the following PoC file:...