3337 matches found

Cvelist
added 2021/06/21 3:45 p.m. · 22 views

CVE-2021-29060

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string...

5.7 AI score · 0.03134 EPSS
Exploits 1 · References 4

CVE
added 2021/06/21 3:45 p.m. · 110 views

CVE-2021-29060

CVE-2021-29060 is a ReDOS in the Node.js color-string module (Color-String) triggered by crafted HWB strings, with IBM security bulletins stating IBM Process Mining and IBM QRadar-related deployments are affected. The vulnerability affects Color-String 1.5.5 and earlier; remediation is to upgrade...

5.3 CVSS · 5.3 AI score · 0.03134 EPSS
Exploits 1 · References 4 · Affected Software 1

CVE
added 2021/06/21 12:0 a.m. · 126 views

CVE-2021-29063

CVE-2021-29063 is a ReDOS vulnerability in the Python mpmath library (mpmathify) affecting v1.0.0–v1.2.1. The issue arises from certain regular expressions, allowing an attacker to exhaust resources and cause denial of service. Several advisories (Mageia MGASA-2021-0479, Fedora advisories, and re...

7.5 CVSS · 7.2 AI score · 0.041 EPSS
Exploits 1 · References 9 · Affected Software 1

Positive Technologies
added 2021/06/21 12:0 a.m. · 5 views

PT-2021-8204 · Pypi +4 · Mpmath +4

Name of the Vulnerable Software and Affected Versions: Mpmath versions 1.0.0 through 1.2.1 Description: A Regular Expression Denial of Service ReDOS issue is present in the mpmathify function of the Mpmath library for Python. This issue can be exploited by a remote attacker to cause a denial of...

8.7 CVSS · 7.2 AI score · 0.041 EPSS
Exploits 1 · References 44

Mageia
added 2021/06/13 9:32 p.m. · 71 views

Updated python-pygments packages fix a security vulnerability

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

7.5 CVSS · 4.2 AI score · 0.03832 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2021/06/10 12:0 a.m. · 28 views

SUSE SLES11 Security Update : python-Jinja2 (SUSE-SU-2021:14644-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:14644-1 advisory. - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use ...

5.3 CVSS · 7.1 AI score · 0.03546 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2021/06/10 12:0 a.m. · 35 views

SUSE SLES11 Security Update : python (SUSE-SU-2020:14306-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14306-1 advisory. - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular...

7.1 CVSS · 7.2 AI score · 0.06617 EPSS
Exploits 1 · References 4

Veracode
added 2021/06/09 4:46 a.m. · 18 views

Regular Expression Denial Of Service (ReDoS)

locutus is vulnerable to regular expression denial of service (ReDoS). An attacker is able to cause a denial of service condition via the gopher_parsedir feature...

7.5 CVSS · 3.6 AI score · 0.01936 EPSS
Exploits 1 · References 2 · Affected Software 1

Node.js
added 2021/06/08 11:12 p.m. · 73 views

Regular Expression Denial of Service

Overview normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs. Recommendation Upgrade to versions 4.5.1, 5.3.1, 6.0.1 or later References - CVE - GitHub Advisory...

5 CVSS · 5.5 AI score · 0.01705 EPSS
Exploits 0 · Affected Software 1

Github Security Blog
added 2021/06/08 11:11 p.m. · 100 views

ReDoS in normalize-url

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5 CVSS · 3.2 AI score · 0.01705 EPSS
Exploits 0 · References 5 · Affected Software 1

NVD
added 2021/06/08 8:15 a.m. · 10 views

CVE-2021-23392

The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function...

7.5 CVSS · 0.01936 EPSS
Exploits 1 · References 3

OSV
added 2021/06/08 8:15 a.m. · 13 views

CVE-2021-23392

The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function...

7.5 CVSS · 6.7 AI score
Exploits 0 · References 3

Prion
added 2021/06/08 8:15 a.m. · 13 views

Design/Logic Flaw

The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function...

5 CVSS · 7.5 AI score · 0.01936 EPSS
Exploits 1 · References 3 · Affected Software 1

CVE
added 2021/06/08 7:45 a.m. · 54 views

CVE-2021-23392

The issue affects locutus (JavaScript/Node.js package) before version 2.0.15, where the gopher_parsedir function is vulnerable to Regular Expression Denial of Service (ReDoS). The root cause is a flaw in gopher_parsedir that can be exploited to cause high CPU/denial by crafted input. The recommen...

7.5 CVSS · 6.2 AI score · 0.01936 EPSS
Exploits 1 · References 3 · Affected Software 1

Node.js
added 2021/06/07 10:13 p.m. · 117 views

Regular Expression Denial of Service

Overview trim-newlines before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method. Recommendation Upgrade to versions 3.0.1 or 4.0.1 or later References - CVE - GitHub Advisory...

5 CVSS · 5.7 AI score · 0.02901 EPSS
Exploits 0 · Affected Software 1

OSV
added 2021/06/07 10:10 p.m. · 1 views

GHSA-7P7H-4MM5-852V Uncontrolled Resource Consumption in trim-newlines

@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

7.5 CVSS · 7.1 AI score · 0.02901 EPSS
Exploits 0 · References 8

Github Security Blog
added 2021/06/07 10:10 p.m. · 198 views

Uncontrolled Resource Consumption in trim-newlines

@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

7.5 CVSS · 7.5 AI score · 0.02901 EPSS
Exploits 0 · References 8 · Affected Software 1

Github Security Blog
added 2021/06/07 10:10 p.m. · 61 views

Regular expression denial of service in forms

The package forms before 1.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via email validation...

5.3 CVSS · 3.5 AI score · 0.0165 EPSS
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2021/06/03 3:15 p.m. · 25 views

CVE-2020-28469 Regular Expression Denial of Service (ReDoS)

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

5.3 CVSS · 8.5 AI score · 0.04456 EPSS
Exploits 1 · References 7

RedhatCVE
added 2021/06/01 2:19 p.m. · 43 views

CVE-2021-33623

A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

7.5 CVSS · 2.2 AI score · 0.02901 EPSS
Exploits 0 · References 3