CVE-2021-29063
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called...
CVE-2020-27511
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags...
Denial of service
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called...
PYSEC-2021-427
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...
CVE-2021-29061
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs...
CVE-2021-29061
CVE-2021-29061 describes a Regular Expression Denial of Service (ReDOS) in the open-source component Vfsjfilechooser2. The vulnerability affects versions 0.2.9 and earlier and occurs when the application validates crafted URIs, which can trigger excessive backtracking in the regex and lead to a ...
CVE-2020-27511
CVE-2020-27511 concerns a ReDOS flaw in Prototype 1.7.3 where the functions stripTags and unescapeHTML can be abused by crafted HTML to exhaust the regular expression engine, potentially causing a denial of service. Public detail confirms the affected software and the underlying cause, with the N...
CVE-2021-29059
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string...
CVE-2021-29060
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string...
Code injection
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string...
CVE-2021-29059
CVE-2021-29059 affects the IS-SVG library, with versions 2.1.0–4.2.2 and earlier, where a crafted invalid SVG string can trigger a Regular Expression Denial of Service (ReDOS) in the SVG validation/check process. The description does not specify affected vendors or products beyond IS-SVG, nor a p...
CVE-2021-29060
CVE-2021-29060 is a ReDOS in the Node.js color-string module (Color-String) triggered by crafted HWB strings, with IBM security bulletins stating IBM Process Mining and IBM QRadar-related deployments are affected. The vulnerability affects Color-String 1.5.5 and earlier; remediation is to upgrade...
CVE-2021-29063
CVE-2021-29063 is a ReDOS vulnerability in the Python mpmath library (mpmathify) affecting v1.0.0–v1.2.1. The issue arises from certain regular expressions, allowing an attacker to exhaust resources and cause denial of service. Several advisories (Mageia MGASA-2021-0479, Fedora advisories, and re...
PT-2021-8204 · Pypi +4 · Mpmath +4
Name of the Vulnerable Software and Affected Versions: Mpmath versions 1.0.0 through 1.2.1
Description: A Regular Expression Denial of Service (ReDOS) issue is present in the mpmathify function of the Mpmath library for Python. This issue can be exploited by a remote attacker to cause a denial of...
Updated python-pygments packages fix a security vulnerability
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...