3337 matches found
CVE-2021-29060
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string...
CVE-2021-29060
CVE-2021-29060 is a ReDoS in the Node.js color-string module (Color-String) triggered by crafted HWB strings, with IBM security bulletins stating IBM Process Mining and IBM QRadar-related deployments are affected. The vulnerability affects Color-String 1.5.5 and earlier; remediation is to upgrade...
CVE-2021-29063
CVE-2021-29063 is a ReDoS vulnerability in the Python mpmath library (mpmathify) affecting v1.0.0–v1.2.1. The issue arises from certain regular expressions, allowing an attacker to exhaust resources and cause denial of service. Several advisories (Mageia MGASA-2021-0479, Fedora advisories, and re...
PT-2021-8204 · Pypi +4 · Mpmath +4
Name of the Vulnerable Software and Affected Versions: Mpmath versions 1.0.0 through 1.2.1. Description: A Regular Expression Denial of Service (ReDoS) issue is present in the mpmathify function of the Mpmath library for Python. This issue can be exploited by a remote attacker to cause a denial of...
Updated python-pygments packages fix a security vulnerability
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...
SUSE SLES11 Security Update : python-Jinja2 (SUSE-SU-2021:14644-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:14644-1 advisory. - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use ...
SUSE SLES11 Security Update : python (SUSE-SU-2020:14306-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14306-1 advisory. - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular...
Regular Expression Denial Of Service (ReDoS)
locutus is vulnerable to regular expression denial of service (ReDoS). An attacker is able to cause a denial of service condition via the gopher_parsedir feature...
Regular Expression Denial of Service
Overview: normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. Recommendation: Upgrade to versions 4.5.1, 5.3.1, 6.0.1 or later. References: CVE, GitHub Advisory...
ReDoS in normalize-url
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs...
CVE-2021-23392
The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function...
Design/Logic Flaw
The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function...
CVE-2021-23392
The issue affects locutus (JavaScript/Node.js package) before version 2.0.15, where the gopher_parsedir function is vulnerable to Regular Expression Denial of Service (ReDoS). The root cause is a flaw in gopher_parsedir that can be exploited to cause high CPU/denial by crafted input. The recommen...
Regular Expression Denial of Service
Overview: trim-newlines before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end method. Recommendation: Upgrade to versions 3.0.1 or 4.0.1 or later. References: CVE, GitHub Advisory...
GHSA-7P7H-4MM5-852V Uncontrolled Resource Consumption in trim-newlines
@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end method...
Uncontrolled Resource Consumption in trim-newlines
@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end method...
Regular expression denial of service in forms
The package forms before 1.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
CVE-2020-28469 Regular Expression Denial of Service (ReDoS)
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
CVE-2021-33623
A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end method...