3332 matches found

Tenable Nessus
added 2021/07/01 12:0 a.m., 40 views

EulerOS 2.0 SP9 : python-pygments (EulerOS-SA-2021-2054)

According to the versions of the python-pygments packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a...

CVSS 7.5, AI score 7.4, EPSS 0.03832
Exploits: 1, References: 3
FreeBSD
added 2021/07/01 12:0 a.m., 49 views

Node.js -- July 2021 Security Releases

Node.js reports: libuv upgrade - Out of bounds read Medium CVE-2021-22918 Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii function which is used to convert strings to ASCII. This is called by Node's dns module's lookup function and can lead to information disclosures or...

CVSS 7.8, AI score 2.8, EPSS 0.23132
Exploits: 4, References: 1
Huntr
added 2021/06/30 9:36 p.m., 34 views

Inefficient Regular Expression Complexity in chatwoot/chatwoot

✍️ Description If we want to use Regex in our match or search or replace or ... functions, we must sanitize this function's inputs. If an attacker is capable of injecting any Regex or abusing the bad Regexes that are used in our code, then the ReDoS vulnerability appears and according to "freezing the web ...

CVSS 5, AI score 1.4, EPSS 0.01222
Exploits: 1
NVD
added 2021/06/28 8:15 p.m., 18 views

CVE-2021-32723

Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service ReDoS. When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fix...

CVSS 7.4, EPSS 0.01421
Exploits: 0, References: 4
OSV
added 2021/06/28 8:15 p.m., 14 views

CVE-2021-32723

Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service ReDoS. When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fix...

CVSS 6.5, AI score 6.3
Exploits: 0, References: 4
CVE
added 2021/06/28 7:15 p.m., 178 views

CVE-2021-32723

PrismJS Prism before v1.24.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when highlighting untrusted text. Specifically, ASCIIDoc and ERB are susceptible to crafted input that can cause excessive highlighting time; other languages are not affected. The vulnerability has been fix...

CVSS 7.4, AI score 6.5, EPSS 0.01421
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2021/06/28 7:15 p.m., 22 views

CVE-2021-32723 Regular Expression Denial of Service (ReDoS) in Prism

Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service ReDoS. When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fix...

CVSS 7.4, AI score 7.7, EPSS 0.01421
Exploits: 0, References: 4
Node.js
added 2021/06/28 6:33 p.m., 61 views

Regular Expression Denial of Service

Overview In prismjs before 1.24.0 some languages are vulnerable to Regular Expression Denial of Service ReDoS. Impact When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to...

CVSS 4.3, AI score 1.9, EPSS 0.01421
Exploits: 0, Affected Software: 1
Github Security Blog
added 2021/06/28 6:33 p.m., 53 views

Regular Expression Denial of Service (ReDoS) in Prism

Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service ReDoS. Impact When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to highlight untrusted...

CVSS 7.4, AI score 1.5, EPSS 0.01421
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2021/06/28 6:33 p.m., 26 views

GHSA-GJ77-59WH-66HG Regular Expression Denial of Service (ReDoS) in Prism

Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service ReDoS. Impact When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to highlight untrusted...

CVSS 7.4, AI score 6.6, EPSS 0.01421
Exploits: 0, References: 7
RedHat Linux
added 2021/06/24 3:19 p.m., 129 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update

An update is now available for Red Hat OpenShift Jaeger 1.20. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 7.5, AI score 6.7, EPSS 0.2241
Exploits: 3, References: 6
Veracode
added 2021/06/23 1:31 a.m., 24 views

Regular Expression Denial Of Service (ReDoS)

is-svg is vulnerable to regular expression denial of service. An attacker may input a malicious crafted SVG string, causing the system to crash...

CVSS 7.5, AI score 3.7, EPSS 0.02813
Exploits: 1, References: 5, Affected Software: 1
RedhatCVE
added 2021/06/22 4:29 p.m., 79 views

CVE-2021-29059

A flaw was found in IS-SVG where a Regular Expression Denial of Service ReDOS occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability...

CVSS 7.5, AI score 3.7, EPSS 0.02813
Exploits: 1, References: 3
Veracode
added 2021/06/22 4:20 a.m., 15 views

Regular Expression Denial Of Service (ReDOS)

Vfsjfilechooser2 is vulnerable to regular expression denial of service. Lack of proper handling of specials chars in passwords and limiting the input length on regex patterns allows an attacker to input malicious URIs to cause an application crash...

CVSS 7.5, AI score 5.3, EPSS 0.02315
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2021/06/22 1:14 a.m., 18 views

GHSA-257V-VJ4P-3W2H Regular Expression Denial of Service (ReDOS)

In the npm package color-string, there is a ReDos Regular Expression Denial of Service vulnerability regarding an exponential time complexity for linearly increasing input lengths for hwb color strings. Strings reaching more than 5000 characters would see several milliseconds of processing time;...

CVSS 5.3, AI score 5.4, EPSS 0.03134
Exploits: 1, References: 6
Github Security Blog
added 2021/06/22 1:14 a.m., 53 views

Regular Expression Denial of Service (ReDOS)

In the npm package color-string, there is a ReDos Regular Expression Denial of Service vulnerability regarding an exponential time complexity for linearly increasing input lengths for hwb color strings. Strings reaching more than 5000 characters would see several milliseconds of processing time;...

CVSS 5.3, AI score 2.7, EPSS 0.03134
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2021/06/21 8:15 p.m., 16 views

CVE-2021-29063

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called...

CVSS 7.5, AI score 7.5, EPSS 0.041
Exploits: 1, References: 9
NVD
added 2021/06/21 8:15 p.m., 15 views

CVE-2021-29063

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called...

CVSS 7.5, EPSS 0.041
Exploits: 1, References: 9
NVD
added 2021/06/21 8:15 p.m., 8 views

CVE-2021-29061

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs...

CVSS 7.5, EPSS 0.02315
Exploits: 1, References: 5
OSV
added 2021/06/21 8:15 p.m., 18 views

CVE-2021-29061

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs...

CVSS 7.5, AI score 6.7, EPSS 0.02315
Exploits: 1, References: 5