3332 matches found
CVE-2020-26256 Denial of service in fast-csv
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-csv before version 4.3.6 there is a possible ReDoS (Regular Expression Denial of Service) vulnerability when using the ignoreEmpty option when parsing. This has been patched in v4.3.6. You will...
Denial of service in fast-csv
Impact: Possible ReDoS (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. Patches: This has been patched in v4.3.6. Workarounds: You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is recommended that you upgrade to t...
GHSA-7WWV-VH3V-89CQ ReDoS vulnerabilities: multiple grammars
Impact: Potential ReDoS vulnerabilities (exponential and polynomial RegEx backtracking). OWASP: The Regular expression Denial of Service (ReDoS) is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very...
Regular Expression Denial Of Service (ReDoS)
DjValidator is vulnerable to regular expression denial of service (ReDoS). An attacker is able to crash the application by sending a malicious email such as --@------------------------------------------------------------------------------------------------------------------------!...
Code injection
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!...
CVE-2020-7779 Regular Expression Denial of Service (ReDoS)
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!...
CVE-2020-7779
CVE-2020-7779 affects all versions of the npm package djvalidator with a Regular Expression Denial of Service (ReDoS) when processing crafted invalid emails (e.g., --@-----...). This can lead to high CPU consumption and potential service impact. Multiple sources (GitHub advisory, OSV, NVD/NVD ent...
A user-supplied regex in EyeQL causes ReDoS - CVE-2020-14190
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed versions: 4.8.4 4.9.0...
Regular Expression Denial Of Service (ReDoS)
express-validators is vulnerable to Regular Expression Denial of Service (ReDoS). An attacker is able to crash the application via a malicious URL due to the insecure usage of regex to validate URLs...
CVE-2020-7767
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs...
Design/Logic Flaw
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs...
CVE-2020-7767
CVE-2020-7767 affects the npm package express-validators. All versions are reported vulnerable to a Regular Expression Denial of Service (ReDoS) when validating specially crafted invalid URLs. The root cause stems from the URL validation regex, where certain inputs trigger catastrophic backtrack...
RHEL 8 : python3 (RHSA-2020:4433)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4433 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 8 : python38:3.8 (RHSA-2020:4641)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4641 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Moderate: python3 security and bug fix update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Regular Expression Denial Of Service (ReDoS)
codemirror is vulnerable to regular expression denial of service (ReDoS). An attacker is able to cause a denial of service condition by passing long strings containing sub-pattern s|/.?/...
CVE-2020-7760
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS...
CVE-2020-7760
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS...
CVE-2020-7760
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS...
UBUNTU-CVE-2020-7760
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS...