3332 matches found
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
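The mechanism in the websocket-extensions entry above (an unclosed quoted parameter value whose body is a run of backslash-plus-byte pairs) is the classic shape for catastrophic backtracking: the escape branch and the catch-all branch of the string body can both consume a backslash, so an unclosed value has many tokenisations and a backtracking engine tries them all before giving up. The block below is an added example, not code from this page or from the websocket-extensions project: AMBIGUOUS is a constructed regex shaped like that problem (not the library's actual pattern), parse_quoted_string is a hypothetical hand-written scanner for the same grammar that rejects an unclosed value in one linear pass, unclosed_escape_run builds the adversarial input shape, and bounded_match shows the Ruby 3.2+ Regexp timeout as a backstop.

```ruby
# Constructed regex (NOT the websocket-extensions source): a double-quoted
# string whose body is either an escape pair (backslash + any ASCII byte) or
# any allowed non-quote byte.  Backslash is also an allowed non-quote byte,
# so "\a\a\a... with no closing quote can be tokenised many ways, and a
# backtracking engine explores them all before reporting no match.
AMBIGUOUS = /\A"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"])*)"\z/

# Hypothetical linear-time scanner for the same grammar.  Returns the
# unescaped body of a complete quoted string, or nil for anything else
# (unclosed quote, dangling backslash, control byte, trailing garbage).
def parse_quoted_string(input)
  return nil unless input.start_with?('"')
  out = +""
  i = 1
  while i < input.length
    c = input[i]
    case c
    when "\\"
      # escape pair: take the next byte verbatim, or fail if it is missing
      return nil if i + 1 >= input.length
      out << input[i + 1]
      i += 2
    when '"'
      # closing quote must be the last byte of the value
      return i == input.length - 1 ? out : nil
    else
      # reject the same control bytes the constructed regex excludes
      o = c.ord
      return nil if o <= 0x08 || (0x0a..0x1f).cover?(o) || o == 0x7f
      out << c
      i += 1
    end
  end
  nil # ran off the end without a closing quote: O(n), no backtracking
end

# Builds the adversarial shape described in the advisory: an opening quote,
# n repetitions of backslash + another byte, and no closing quote.
def unclosed_escape_run(n)
  '"' + ("\\a" * n)
end

# Ruby 3.2+ can bound matching time per Regexp (Regexp.new(..., timeout:),
# raising Regexp::TimeoutError).  Older Rubies have no such limit, so the
# only safe option there is a scanner like the one above.  Returns :match,
# :no_match or :timeout.
TIMEOUT_ERROR = defined?(Regexp::TimeoutError) ? Regexp::TimeoutError : Class.new(StandardError)

def bounded_match(re, input, seconds)
  re = Regexp.new(re.source, re.options, timeout: seconds) if Regexp.respond_to?(:timeout)
  re.match?(input) ? :match : :no_match
rescue TIMEOUT_ERROR
  :timeout
end

if __FILE__ == $PROGRAM_NAME
  p parse_quoted_string('"foo"')
  p parse_quoted_string(unclosed_escape_run(200_000))
  p bounded_match(AMBIGUOUS, '"foo"', 1.0)
end
```

The scanner is the fix pattern the advisory text implies: every byte is consumed exactly once, so an unclosed value of any length fails in linear time. The timeout is a backstop, not a fix: it turns a hung worker into a rejected request, and it only exists on Ruby 3.2 and later.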
Node.js third-party modules: [wappalyzer] ReDoS allows an attacker to completely break Wappalyzer
Hello folks! Please note that I'm reporting two different problematic regexes. module name: Wappalyzer version: 6.0.2 npm page: https://www.npmjs.com/package/wappalyzer Module Description Wappalyzer identifies technologies on websites. Module Stats Weekly downloads: 1,290 88 open issues 16 open...
Node.js third-party modules: [wappalyzer] ReDoS allows an attacker to completely break Wappalyzer
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report VULNERABILITY in...
Regular Expression Denial Of Service (ReDoS)
envoy is vulnerable to regular expression denial of service. A remote attacker is able to cause a denial of service from excessive memory usage via a very long URI...
Regular Expression Denial Of Service (ReDoS)
istio is vulnerable to regular expression denial of service. A remote attacker is able to cause a denial of service from excessive memory usage via a very long URI...
EulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2020-1516)
According to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements...
Regular Expression Denial Of Service (ReDoS)
sheetjs is vulnerable to regular expression denial of service ReDoS. The vulnerability exists due to the usage of vulnerable regular expressions for xlmlregex in the function xlml_normalize...
FreeBSD : py-bleach -- regular expression denial-of-service (4c52ec3c-86f3-11ea-b5b4-641c67a117d8)
Bleach developers report : bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). C...
Regular Expression Denial Of Service (ReDoS)
remove-markdown is vulnerable to regex denial of service. An attacker is able to cause the package to consume excess system resources resulting in an application crash using a large number of space characters...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1472)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.2 : python (EulerOS-SA-2020-1472)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a...
Regular Expression Denial Of Service (ReDoS)
papaparse is vulnerable to regular expression denial of service ReDoS. The vulnerability exists through the FLOAT regex used in papaparse.js...
EulerOS Virtualization for ARM 64 3.0.6.0 : python2 (EulerOS-SA-2020-1344)
According to the versions of the python2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a...
EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2020-1346)
According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon laun...
Debian DLA-2167-1 : python-bleach security update
A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression denial of service ReDoS. For Debian 8 'Jessie', this problem has been fixed in version...
mediawiki -- multiple vulnerabilities
MediaWiki reports: T285159, CVE-2023-PENDING SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses. T326946, CVE-2020-36649 SECURITY: Bundled PapaParse copy in VisualEditor has known ReDoS. T330086, CVE-2023-PENDING SECURITY: OATHAuth allows replay attacks when MediaWiki...
[SECURITY] [DLA 2167-1] python-bleach security update
Package : python-bleach Version : 1.4-1+deb8u1 CVE ID : CVE-2020-6817 Debian Bug : 955388 A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression...
Regular Expression Denial-of-Service (ReDoS)
bleach is vulnerable to regular expression denial of service ReDoS. The vulnerability exists when parsing style attributes through sanitize_css...
Regular Expression Denial Of Service (ReDoS)
mocha is vulnerable to Regular Expression Denial Of Service. The stack prettifier function which is enabled by default, consumes excessive resources and requires a long time to complete when parsing a large Error.message containing certain assertions against large objects...