
3332 matches found

OpenVAS
added 2021/05/19 12:0 a.m. | 24 views

Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-1887)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.9 | EPSS 0.03832
Exploits: 1 | References: 2
Tenable Nessus
added 2021/05/18 12:0 a.m. | 29 views

EulerOS 2.0 SP8 : python-pygments (EulerOS-SA-2021-1887)

According to the versions of the python-pygments packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a...

CVSS 7.5 | AI score 7.4 | EPSS 0.03832
Exploits: 1 | References: 3
Veracode
added 2021/05/17 4:30 p.m. | 19 views

Regular Expression Denial Of Service (ReDoS)

graphhopper-nav is vulnerable to Regular Expression Denial Of Service (ReDoS). An attacker is able to crash the application by submitting a malicious URL string via the getPointsFromRequest function...

CVSS 6.5 | AI score 3.4 | EPSS 0.01404
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2021/05/15 11:2 a.m. | 3 views

OESA-2021-1190 python-jinja2 security update

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...

CVSS 5.3 | AI score 7.1 | EPSS 0.03546
Exploits: 1 | References: 2
Node.js
added 2021/05/11 4:44 p.m. | 113 views

Regular Expression Denial of Service (ReDoS)

Overview: jspdf before version 2.3.1 has a regular expression denial-of-service via the addImage function. Recommendation: Upgrade to version 2.3.1 or later. References: CVE, GitHub Advisory...

CVSS 5 | AI score 6 | EPSS 0.02644
Exploits: 0 | Affected Software: 1
GitHub Security Blog
added 2021/05/10 7:16 p.m. | 54 views

Regular expression denial of service in express-validators

All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs...

CVSS 5.3 | AI score 5.5 | EPSS 0.01621
Exploits: 1 | References: 3 | Affected Software: 1
Node.js
added 2021/05/10 6:48 p.m. | 51 views

Regular Expression Denial of Service

Overview: All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values. Recommendation: Avoid using dat.gui as there is no current safe version of this module. References: CVE, GitHub Advisory...

CVSS 5 | AI score 5.2 | EPSS 0.02073
Exploits: 1 | Affected Software: 1
Node.js
added 2021/05/10 6:48 p.m. | 93 views

Regular Expression Denial of Service in trim

Overview: Versions of trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via trim. Recommendation: Upgrade to version 0.0.3 or later. References: CVE, GitHub Advisory...

CVSS 5 | AI score 5.8 | EPSS 0.03732
Exploits: 1 | Affected Software: 1
GitHub Security Blog
added 2021/05/10 6:46 p.m. | 50 views

Regular expression denial of service in codemirror

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS...

CVSS 7.5 | AI score 6.3 | EPSS 0.05197
Exploits: 1 | References: 15 | Affected Software: 1
GitHub Security Blog
added 2021/05/10 6:44 p.m. | 66 views

Regular Expression Denial of Service in dat.gui

All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values...

CVSS 7.5 | AI score 7.3 | EPSS 0.02073
Exploits: 1 | References: 6 | Affected Software: 1
GitHub Security Blog
added 2021/05/10 6:44 p.m. | 225 views

Regular Expression Denial of Service in trim

All versions of package trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via trim...

CVSS 7.5 | AI score 7.5 | EPSS 0.03732
Exploits: 1 | References: 12 | Affected Software: 1
GitHub Security Blog
added 2021/05/10 3:29 p.m. | 48 views

Regular Expression Denial of Service in postcss

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...

CVSS 5.3 | AI score 4.4 | EPSS 0.03511
Exploits: 1 | References: 13 | Affected Software: 1
Node.js
added 2021/05/06 4:15 p.m. | 58 views

Regular Expression Denial of Service

Overview: hosted-git-info before versions 2.8.9 and 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. Recommendation: Upgrade to...

CVSS 5 | AI score 4.7 | EPSS 0.03612
Exploits: 1 | Affected Software: 1
OSV
added 2021/05/06 11:2 a.m. | 2 views

OESA-2021-1154 python-pygments security update

Security Fixes: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a...

CVSS 7.5 | AI score 6.7 | EPSS 0.03832
Exploits: 1 | References: 3
Tenable Nessus
added 2021/05/05 12:0 a.m. | 18 views

FreeBSD : Python -- multiple vulnerabilities (bffa40db-ad50-11eb-86b8-080027846a02)

Python reports : bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect calls. Patch by Erlend E. Aasland. bpo-43882: The presence of newline or tab characters in parts of a URL could allow som...

AI score 5.5
Exploits: 0 | References: 3
RedhatCVE
added 2021/05/04 2:31 p.m. | 45 views

CVE-2021-23343

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 7.5 | AI score 4.8 | EPSS 0.02218
Exploits: 1 | References: 4
NVD
added 2021/05/04 9:15 a.m. | 22 views

CVE-2021-23343

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 7.5 | EPSS 0.02218
Exploits: 1 | References: 4
Prion
added 2021/05/04 9:15 a.m. | 30 views

Code injection

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 5 | AI score 8.3 | EPSS 0.02218
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2021/05/04 8:25 a.m. | 22 views

CVE-2021-23343 Regular Expression Denial of Service (ReDoS)

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 5.3 | AI score 8.7 | EPSS 0.02218
Exploits: 1 | References: 4
CVE
added 2021/05/04 8:25 a.m. | 547 views

CVE-2021-23343

CVE-2021-23343 affects the path-parse package. The vulnerability is a Regular Expression Denial of Service (ReDoS) via the regexes splitDeviceRe, splitTailRe, and splitPathRe. The ReDoS has polynomial worst-case time complexity. Connected telemetry from MiracleLinux AXSA advisories lists path-par...

CVSS 7.5 | AI score 7.2 | EPSS 0.02218
Exploits: 1 | References: 4 | Affected Software: 1