Design/Logic Flaw

CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service REDoS vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regula...

CVE-2021-21236

CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service REDoS vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regula...

PT-2021-3609 · Pypi +9 · Pygments +9

Name of the Vulnerable Software and Affected Versions: Pygments versions 1.1 through 2.7.3 Description: The issue is related to the use of regular expressions in the Pygments syntax highlighting program. Some of the regular expressions have exponential or cubic worst-case complexity and are...

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service ReDoS. The vulnerability exists through overly greedy regular expressions when parsing the browsers' user agent strings...

Regular Expression Denial Of Service (ReDoS)

node-ua-parser-js is vulnerable to regular expression denial of service. The vulnerability exist from the missing version check in the function...

CVE-2020-7793

A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes...

Ruby on Rails: Regex Injection from request header (Rack::Sendfile, send_file)

I have confirmed that Rack::Sendfile and the Rails sendfile that handles it have a problem handling custom headers for request. It is expected that the X-Sendfile-type and X-Accel-Mapping headers will be sent from nginx, but these headers can also be sent from a user agent such as a browser. This...

CVE-2020-7793

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

CVE-2020-7793

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

Design/Logic Flaw

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

CVE-2020-7793 Regular Expression Denial of Service (ReDoS)

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

CVE-2020-7793

CVE-2020-7793 affects the UAParser.js package (versions before 0.7.23). The vulnerability is a Regular Expression Denial of Service (ReDoS) across multiple regexes. Connected sources explicitly identify UAParser.js (pre-0.7.23) as vulnerable and reference the ReDoS condition; one source notes a f...

CVE-2020-7793

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

Regular Expression Denial Of Service (ReDoS)

fast-csv is vulnerable to regular expression denial of service ReDoS. The vulnerability exists through the usage of the ignoreEmpty option when parsing...

CVE-2020-26256

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...

CVE-2020-26256

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...

Code injection

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...

Regular Expression Denial of Service

Overview fast-csv and @fast-csv/parse before version 4.3.6 has a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. Impact You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is...

Regular Expression Denial of Service

Overview fast-csv and @fast-csv/parse before version 4.3.6 has a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. Impact You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is...

CVE-2020-26256 Denial of service in fast-csv

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...