3332 matches found
Inefficient Regular Expression Complexity in liriliri/licia
✍️ Description A ReDoS regular expression denial of service flaw was found in the licia package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar to https://nvd.nist.gov/vuln/detail/CVE-2020-28500 🕵️♂️...
CVE-2020-7662
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:2353-1)
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2353-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...
EulerOS 2.0 SP5 : python-pygments (EulerOS-SA-2021-2228)
According to the version of the python-pygments package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular...
Segment is-email input validation error vulnerability
is-email is an application used to validate email addresses. Segment is-email is vulnerable due to a ReDoS regular expression denial of service flaw discovered in Node.js prior to Segment is-email package 1.0.1. An attacker could exploit this flaw to cause the application to consume excessive CPU...
SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:2319-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2319-1 advisory. - The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. CVE-2020-7774 - Node.js before 16.4.1, 14.17.2, 12.22.2...
SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:2327-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2327-1 advisory. - The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. CVE-2020-7774 - Node.js before 16.4.1, 14.17.2, 12.22.2...
GHSA-9PQ7-RCXV-47VQ Incorrect Regular Expression in RestSharp
RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service ReDoS when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus...
Incorrect Regular Expression in RestSharp
RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service ReDoS when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus...
CVE-2021-36716
A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of CPU...
Input validation
A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of CPU...
CVE-2021-36716
A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of CPU...
CVE-2021-36716
The CVE-2021-36716 issue affects the Segment is-email package for Node.js, specifically before version 1.0.1. The root cause is a Regular Expression Denial of Service (ReDoS) in isEmail(input), which can cause an attacker to force excessive CPU consumption in applications that validate emails. Pu...
CVE-2021-27293
RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service ReDoS when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus...
CVE-2021-27293
RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service ReDoS when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus...
Design/Logic Flaw
RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service ReDoS when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus...
CVE-2021-27293
RestSharp (a .NET HTTP client library) is vulnerable to a Regular Expression Denial of Service (ReDoS) in its string-to-DateTime conversion, due to a regex used when parsing server responses, in versions before 106.11.8-alpha.0.13. A malicious server response can cause the client to spend excessi...
CVE-2021-27293
RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service ReDoS when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus...
CVE-2021-32723
A flaw was found in npm-prismjs. An attacker can craft a string that will take a very long time to highlight when used to work with un-trusted text resulting in ReDoS. This can affect the system availability. There is no known risk of privilege escalation on data compromise. Mitigation As a...
Node.js -- July 2021 Security Releases
Node.js reports: libuv upgrade - Out of bounds read Medium CVE-2021-22918 Node.js is vulnerable to out-of-bounds read in libuv's uvidnatoascii function which is used to convert strings to ASCII. This is called by Node's dns module's lookup function and can lead to information disclosures or...