
3332 matches found

CVE
added 2021/05/31 1:50 p.m., 66 views

CVE-2021-23388

The CVE-2021-23388 entry concerns the caolan/forms library and its email validation regex. Affected versions are before 1.2.1 and 1.3.0 through 1.3.2, where an insecure regular expression can cause a Regular Expression Denial of Service (ReDoS), potentially consuming significant CPU and slowing o...

CVSS 5.3, AI score 5.2, EPSS 0.0165
Exploits: 0, References: 3, Affected Software: 1
Node.js
added 2021/05/28 7:31 p.m., 71 views

Regular Expression Denial of Service

Overview In ws before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDOS vulnerability. Impact A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Proof of concept js for const length of 1000, 2000, 4000, 8000, 16000, 32000 const value ...

CVSS 5, AI score 1.9, EPSS 0.02936
Exploits: 1, Affected Software: 1
OSV
added 2021/05/28 6:15 p.m., 31 views

CVE-2021-33623

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 4
NVD
added 2021/05/28 6:15 p.m., 14 views

CVE-2021-33623

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

CVSS 7.5, EPSS 0.02846
Exploits: 0, References: 4
UbuntuCve
added 2021/05/28 6:15 p.m., 32 views

CVE-2021-33623

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

CVSS 7.5, AI score 7.1, EPSS 0.02846
Exploits: 0, References: 4
CVE
added 2021/05/28 12:0 a.m., 246 views

CVE-2021-33623

CVE-2021-33623 : The trim-newlines package for Node.js is vulnerable to a regular-expression Denial of Service (ReDoS) on the .end() method. Affected versions are before 3.0.1 and 4.x before 4.0.1. Remedies include upgrading to trim-newlines 3.0.1 or 4.0.1 (or later). The available connected docu...

CVSS 7.5, AI score 7.4, EPSS 0.02846
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2021/05/28 12:0 a.m., 19 views

CVE-2021-33623

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

AI score 7.8, EPSS 0.02846
Exploits: 0, References: 4
RedHat Linux
added 2021/05/26 9:49 p.m., 2 views

XStream: ReDoS vulnerability

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

CVSS 7.8, AI score 7.5, EPSS 0.14201
Exploits: 0, References: 4
RedhatCVE
added 2021/05/25 2:57 p.m., 50 views

CVE-2021-33502

A flaw was found in normalize-url. Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data...

CVSS 7.5, AI score 3.2, EPSS 0.01705
Exploits: 0, References: 4
Veracode
added 2021/05/25 7:10 a.m., 31 views

Regular Expression Denial Of Service (ReDoS)

normalize-url is vulnerable to regular expression denial of service. The usage of an insecure regex allows an attacker to cause a denial of service condition via a malicious URL string...

CVSS 7.5, AI score 4.1, EPSS 0.01705
Exploits: 0, References: 2, Affected Software: 10
Github Security Blog
added 2021/05/24 7:52 p.m., 96 views

Regular Expression Denial of Service in browserslist

The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service ReDoS during parsing of queries...

CVSS 5.3, AI score 5.2, EPSS 0.02429
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2021/05/24 4:15 p.m., 1 views

DEBIAN-CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

CVSS 7.5, AI score 8.1, EPSS 0.01705
Exploits: 0, References: 1
NVD
added 2021/05/24 4:15 p.m., 18 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

CVSS 7.5, EPSS 0.01705
Exploits: 0, References: 2
OSV
added 2021/05/24 4:15 p.m., 5 views

AZL-44850 CVE-2021-33502 affecting package nodejs-nodemon 2.0.3-5

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

CVSS 7.5, AI score 7.2, EPSS 0.01705
Exploits: 0, References: 1
OSV
added 2021/05/24 4:15 p.m., 8 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

CVSS 7.5, AI score 8.3
Exploits: 0, References: 2
UbuntuCve
added 2021/05/24 4:15 p.m., 372 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

CVSS 7.5, AI score 7.1, EPSS 0.01705
Exploits: 0, References: 2
Prion
added 2021/05/24 4:15 p.m., 26 views

Denial of service

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

CVSS 5, AI score 8.3, EPSS 0.01705
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/05/24 3:42 p.m., 22 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

AI score 8.7, EPSS 0.01705
Exploits: 0, References: 2
CVE
added 2021/05/24 3:42 p.m., 383 views

CVE-2021-33502

CVE-2021-33502 affects the normalize-url package for Node.js. Concrete details show a ReDoS issue where data URLs trigger exponential backtracking, impacting versions: 4.x up to 4.5.1, 5.x up to 5.3.1, and 6.x up to 6.0.1. The vulnerability arises from an exponential-backoff/regex pattern in hand...

CVSS 7.5, AI score 8.3, EPSS 0.01705
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2021/05/24 3:42 p.m., 29 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

CVSS 7.5, AI score 8.7, EPSS 0.01705
Exploits: 0