CVE-2021-27291
CVE-2021-27291 affects pygments: the regex-based lexers used to parse languages can exhibit exponential/cubic worst-case behavior, enabling ReDoS with crafted input and potentially causing DoS. The issue is documented as fixed in pygments 2.7.4. Connected advisories reference python-pygments upgr...
CVE-2021-27291
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...
py-pygments -- multiple DoS vulnerabilities
Red Hat reports: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. Ben Caller reports: In pygments 1.1+, fixed in...
CVE-2021-28092
A flaw was found in the is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). The highest threat from this vulnerability is to availability...
Regular Expression Denial Of Service (ReDoS)
is-svg is vulnerable to regular expression denial of service. An attacker is able to crash the application via a malicious SVG/XML document due to the usage of an insecure regular expression...
Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)
The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
Fedora 33 : mingw-python-jinja2 (2021-2ab8ebcabc)
The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-2ab8ebcabc advisory. - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of...
CVE-2021-28092
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time...
CVE-2021-28092
CVE-2021-28092 affects the is-svg npm package for Node.js (versions 2.1.0–4.2.1), where a regex-based ReDoS can cause input processing to stall, leading to a potential denial of service. In CP4S context, remediation guidance available: upgrade Cloud Pak for Security to version 1.9.0 or later. Evi...
jspdf vulnerable to Regular Expression Denial of Service (ReDoS)
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function...
CVE-2021-23354
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...
Design/Logic Flaw
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...
CVE-2021-23354
CVE-2021-23354 affects the Node.js printf package prior to 0.6.1. A vulnerable regex in lib/printf.js can cause a Regular Expression Denial of Service (ReDoS) with cubic worst-case time complexity. Exposure is tied to the printf implementation, not a broader platform. To remediate, upgrade to 0.6...
Worms David node-printf Security Vulnerability
Worms David node-printf is an open source application by Worms David: a fully implemented printf(C) function family for Node.js, written in pure JavaScript. A security vulnerability exists in node-printf before 0.6.1, which stems from a regular expression denial of service (ReDoS) weakness...
CentOS 8 : nodejs:12 (CESA-2021:0549)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0549 advisory. - nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties CVE-2018-3750 - nodejs-mixin-deep: prototype pollution in...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python3 Multiple Vulnerabilities (NS-SA-2021-0029)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python3 packages installed that are affected by multiple vulnerabilities: - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote...