Lucene search

3332 matches found

CVE
added 2021/03/23 4:20 p.m. | 305 views

CVE-2021-23362

CVE-2021-23362 affects the Node.js package hosted-git-info prior to 3.0.8. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the fromUrl function, caused by a regex shortcutMatch that can exhibit polynomial worst-case time. Affected detail: Regular expression complexity leads...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.03612
Exploits: 1 | References: 7 | Affected Software: 1
RedhatCVE
added 2021/03/22 8:58 a.m. | 30 views

CVE-2021-27290

A flaw was found in the ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

CVSS: 7.5 | AI score: 4 | EPSS: 0.04699
Exploits: 1 | References: 3
Veracode
added 2021/03/22 1:37 a.m. | 18 views

Regular Expression Denial Of Service (ReDoS)

schema-inspector is vulnerable to regular expression denial of service ReDoS. The vulnerability exists through the email validation method where an input such as example@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. would result in large consumption of...

CVSS: 7.5 | AI score: 3 | EPSS: 0.0209
Exploits: 1 | References: 5 | Affected Software: 1
Github Security Blog
added 2021/03/19 9:28 p.m. | 67 views

Regular Expression Denial of Service (ReDoS) in Jinja2

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+ This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiti...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.03546
Exploits: 1 | References: 9 | Affected Software: 1
Github Security Blog
added 2021/03/19 9:24 p.m. | 100 views

Regular Expression Denial of Service (ReDoS)

npm ssri 5.2.2-6.0.1 and 7.0.0-8.0.0 processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...

CVSS: 7.5 | AI score: 4.7 | EPSS: 0.04699
Exploits: 1 | References: 12 | Affected Software: 1
Github Security Blog
added 2021/03/19 9:22 p.m. | 57 views

printf vulnerable to Regular Expression Denial of Service (ReDoS)

The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.02176
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2021/03/19 9:15 p.m. | 22 views

CVE-2021-21267

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input, for example...

CVSS: 7.5 | AI score: 6.8
Exploits: 0 | References: 4
Cvelist
added 2021/03/19 8:25 p.m. | 18 views

CVE-2021-21267 Regular Expression Denial-of-Service in npm schema-inspector

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input, for example...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.0209
Exploits: 1 | References: 4
CVE
added 2021/03/19 8:25 p.m. | 103 views

CVE-2021-21267

Summary of CVE-2021-21267: Schema-Inspector (npm package schema-inspector) is vulnerable to a denial-of-service via email validation in versions before 2.0.0. The issue is caused by a pathological input that triggers ReDoS during email validation, freezing the program or browser page. This affects...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0209
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2021/03/19 8:14 p.m. | 20 views

GHSA-F38P-C2GQ-4PMR Regular Expression Denial-of-Service in npm schema-inspector

Impact What kind of vulnerability is it? Who is impacted? Email address validation is vulnerable to a denial-of-service attack where some input for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. will freeze the program or web browser page...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0209
Exploits: 1 | References: 6
OSV
added 2021/03/19 4:15 a.m. | 31 views

CVE-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...

CVSS: 6.5 | AI score: 6.7
Exploits: 0 | References: 2
NVD
added 2021/03/19 4:15 a.m. | 20 views

CVE-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...

CVSS: 6.5 | EPSS: 0.01635
Exploits: 0 | References: 2
Prion
added 2021/03/19 4:15 a.m. | 21 views

Design/Logic Flaw

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.01635
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/03/19 3:30 a.m. | 278 views

CVE-2021-25292

Pillow (Python Imaging Library fork) prior to 8.1.1 is affected by a vulnerability in its PDF format parser that allows a regular expression DoS (ReDoS) via a crafted PDF file due to a catastrophic backtracking regex. This can impact availability as indicated by the CVSS vector in the CVE entry, ...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.01635
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2021/03/19 3:30 a.m. | 31 views

CVE-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.01635
Exploits: 0
AlpineLinux
added 2021/03/19 3:30 a.m. | 40 views

CVE-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.01635
Exploits: 0
Veracode
added 2021/03/18 5:32 a.m. | 29 views

Regular Expression Denial Of Service (ReDoS)

pygments is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string via Lexer for Values used in ADL and ODIN...

CVSS: 7.5 | AI score: 3.7 | EPSS: 0.03832
Exploits: 1 | References: 11 | Affected Software: 13
NVD
added 2021/03/17 1:15 p.m. | 27 views

CVE-2021-27291

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

CVSS: 7.5 | EPSS: 0.03832
Exploits: 1 | References: 9
UbuntuCve
added 2021/03/17 1:15 p.m. | 28 views

CVE-2021-27291

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.03832
Exploits: 1 | References: 4
Prion
added 2021/03/17 1:15 p.m. | 38 views

Denial of service

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

CVSS: 5 | AI score: 7.2 | EPSS: 0.03832
Exploits: 1 | References: 9 | Affected Software: 3