3332 matches found
openSUSE Security Update : python-bleach (openSUSE-2021-552)
This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: - replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...
OPENSUSE-SU-2021:0552-1 Security update for python-bleach
This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...
Npm Braces Resource Management Error Vulnerability
Npm Braces is an application from Npm (USA): a Bash-like brace expansion implemented in JavaScript. A security vulnerability exists in versions of Braces prior to 2.3.1, which can be exploited by an attacker to use a regular expression denial of service (ReDoS) attack...
Security update for python-bleach (important)
openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0552-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...
GHSA-JXG6-FHWC-9V9C Regular Expression Denial of Service (ReDoS) in es6-crawler-detect
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Regular Expression Denial of Service (ReDoS) in es6-crawler-detect
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Regular Expression Denial Of Service (ReDoS)
activeattr is vulnerable to regular expression denial of service. The use of an insecure regular expression in the function call of ActiveAttr::Typecasting::BooleanTypecaster causes a huge processing time, allowing an attacker to cause a denial of service condition using a malicious input...
CVE-2021-23368
A regular expression denial of service (ReDoS) vulnerability was found in the npm library postcss. When parsing a supplied CSS string, if it contains an unexpected value, then as the supplied CSS grows in length it will take an ever-increasing amount of time to process. An attacker can use this...
Updated python-jinja2 packages fix a security vulnerability
ReDoS vulnerability where urlize could have been called with untrusted user data (CVE-2020-28493)...
MGASA-2021-0178 Updated python-jinja2 packages fix a security vulnerability
ReDoS vulnerability where urlize could have been called with untrusted user data (CVE-2020-28493)...
CVE-2021-23368
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
Code injection
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
CVE-2021-23368
CVE-2021-23368 concerns the PostCSS package: versions 7.0.0 up to, but not including, 8.2.10 are vulnerable to a Regular Expression Denial of Service (ReDoS) during source map parsing. The connected documents confirm this vulnerability and link it to the Node.js/npm ecosystem, but do not provide ...
CVE-2021-23368 Regular Expression Denial of Service (ReDoS)
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
OTRS 6.0.x <= 7.0.24, 8.0.x <= 8.0.11 ReDoS Vulnerability
OTRS is prone to a regular expression denial of service (ReDoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-1109
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks...
Regular Expression Denial of Service (ReDoS) in Pillow
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
Regular Expression Denial Of Service (ReDoS)
hosted-git-info is vulnerable to regular expression denial of service (ReDoS). An attacker can provide a malicious string via shortcutMatch in the function fromUrl in index.js to crash the application...
CVE-2021-23362
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
Design/Logic Flaw
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...