
3332 matches found

Github Security Blog
added 2020/03/30 7:45 p.m. · 75 views

regular expression denial-of-service (ReDoS) in Bleach

Impact: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). Patches: 3.1.4. Workarounds: d...

CVSS 7.5 · AI score 0.4 · EPSS 0.00718
Exploits: 1 · References: 7 · Affected software: 1
Veracode
added 2020/03/27 8:44 a.m. · 12 views

Regular Expression Denial Of Service (ReDoS)

fecha is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists when a user inputs a very long string as the dateStr parameter of the parse method in fecha.js, causing the system to hang for a very long time...

AI score 3.8
Exploits: 0
OpenVAS
added 2020/03/24 12:00 a.m. · 47 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1321)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 7.1 · AI score 7.6 · EPSS 0.06617
Exploits: 1 · References: 2
Tenable Nessus
added 2020/03/23 12:00 a.m. · 57 views

EulerOS 2.0 SP5 : python (EulerOS-SA-2020-1321)

According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular...

CVSS 7.1 · AI score 7.2 · EPSS 0.06617
Exploits: 1 · References: 2
Tenable Nessus
added 2020/03/23 12:00 a.m. · 40 views

EulerOS 2.0 SP8 : python2 (EulerOS-SA-2020-1295)

According to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - DISPUTED: The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows...

CVSS 7.1 · AI score 6.9 · EPSS 0.06617
Exploits: 1 · References: 3
Github Security Blog
added 2020/03/13 8:36 p.m. · 323 views

Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution)

Withdrawn: GitHub has withdrawn this advisory in place of GHSA-vh95-rmgr-6w4m and GHSA-6chw-6frg-f759. The reason for withdrawing is that some mistakes were made during the ingestion of CVE-2020-7598 which caused this advisory to be published with incorrect information. In order to provide accurat...

CVSS 6.8 · AI score 1 · EPSS 0.01884
Exploits: 2 · References: 3 · Affected software: 2
Veracode
added 2020/03/11 1:28 a.m. · 17 views

Regular Expression Denial Of Service (ReDoS)

useragentparser is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists through the vendored module, uap-core, where a long digit string can cause ReDoS. This vulnerability is related to CVE-2020-5243...

CVSS 7.5 · AI score 3.2 · EPSS 0.02205
Exploits: 1
OSV
added 2020/03/10 6:02 p.m. · 7 views

GHSA-PCQQ-5962-HVCW Denial of Service in uap-core when processing crafted User-Agent strings

Impact: Some regexes are vulnerable to regular expression denial of service (ReDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches: Please update uap-ruby to >= v2.6....

AI score 7.2
Exploits: 0 · References: 3
Github Security Blog
added 2020/03/10 6:02 p.m. · 68 views

Denial of Service in uap-core when processing crafted User-Agent strings

Impact: Some regexes are vulnerable to regular expression denial of service (ReDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches: Please update uap-ruby to >= v2.6....

AI score 3.1
Exploits: 0 · References: 4 · Affected software: 1
RubySec
added 2020/03/10 12:00 a.m. · 20 views

Denial of Service in uap-core when processing crafted User-Agent strings

Impact: Some regexes are vulnerable to regular expression denial of service (ReDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches: Please update uap-ruby to >= v2.6....

CVSS 7.5 · AI score 7.2 · EPSS 0.02205
Exploits: 1 · References: 1 · Affected software: 1
Veracode
added 2020/03/09 4:16 a.m. · 14 views

Regular Expression Denial Of Service (ReDoS)

acorn is vulnerable to denial of service. A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop, as the string is not a valid UTF-16 character. This results in it being sanitized before reaching the parser, and when an application processes untrusted input and passes it...

AI score 5
Exploits: 0
RedhatCVE
added 2020/03/02 11:41 a.m. · 42 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

CVSS 7.1 · AI score 7.2 · EPSS 0.06617
Exploits: 1 · References: 3
Veracode
added 2020/02/24 9:26 a.m. · 11 views

Regular Expression Denial Of Service (ReDoS)

github-url-to-object is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is possible because the regular expressions used for the repoUrl path do not filter the string inputs. A malicious user could send crafted requests using this flaw that cause the system to cras...

AI score 3.2
Exploits: 0
OSV
added 2020/02/20 11:26 p.m. · 19 views

GHSA-CMCX-XHR8-3W9P Denial of Service in uap-core when processing crafted User-Agent strings

Impact: Some regexes are vulnerable to regular expression denial of service (ReDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches: Please update uap-core to >=...

CVSS 5.7 · AI score 7.3 · EPSS 0.02205
Exploits: 1 · References: 5
CVE
added 2020/02/20 11:15 p.m. · 143 views

CVE-2020-5243

CVE-2020-5243 describes a denial-of-service vulnerability in uap-core before 0.7.3, where processing crafted User-Agent strings triggers overlapping-capture-group regex backtracking (ReDoS). The issue affects the library's User-Agent parsing, allowing remote attackers to overload a server by send...

CVSS 7.5 · AI score 6.2 · EPSS 0.02205
Exploits: 1 · References: 2 · Affected software: 1
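The Python entries in this listing (CVE-2020-8492, catastrophic backtracking in urllib.request.AbstractBasicAuthHandler) and the uap-core entries (CVE-2020-5243, overlapping capture groups) describe the same failure mode: a regex with an ambiguous unbounded repeat, fed a long input that can never match, so the engine tries every way of splitting the input before giving up. The Python example below is added here as an illustration; it is not code from any of the listed advisories or projects. UNSAFE_RX is a constructed pattern of the same shape as the one the CPython fix removed, a leading `(?:.*,)*` in front of a WWW-Authenticate realm parser, and is not the exact upstream regex; SAFE_RX anchors each challenge to the start of the string or a comma so every comma is consumed exactly once. The header value, the comma-flood input and all function names are constructed for the demonstration.

```python
import re
import time

# Constructed reproduction of the backtracking-prone shape (NOT the exact
# upstream regex): '(?:.*,)*' can split a run of commas in 2^n ways, and the
# engine tries all of them when the rest of the pattern fails to match.
UNSAFE_RX = re.compile(
    r'''(?:.*,)*[ \t]*([^ \t]+)[ \t]+realm=(["']?)([^"']*)\2''', re.I)

# Hardened shape: anchor to the start of the string or to a comma, so the
# prefix is unambiguous and no exponential split exists.
SAFE_RX = re.compile(
    r'''(?:^|,)[ \t]*([^ \t]+)[ \t]+realm=(["']?)([^"']*)\2''', re.I)


def parse_challenge(rx, header):
    """Return (scheme, realm) from a WWW-Authenticate value, or None.

    Group 1 is the scheme ("Basic"), group 3 the realm text; group 2 is the
    optional quote character, matched again via the \\2 backreference.
    """
    m = rx.search(header)
    if not m:
        return None
    return m.group(1), m.group(3)


def time_search(rx, text):
    """Wall-clock seconds spent on a single rx.search(text)."""
    t0 = time.perf_counter()
    rx.search(text)
    return time.perf_counter() - t0


def malicious_header(n):
    """Constructed attacker-controlled header value: n commas and no
    'realm=', so the match must fail and backtracking is exhaustive."""
    return "," * n + "x"


def demo(n=14):
    """Parse one benign header with both regexes and time both on the
    constructed comma flood of length n. Returns a dict of results."""
    benign = 'Basic realm="Secure Area", charset="UTF-8"'   # constructed
    flood = malicious_header(n)
    return {
        "benign_unsafe": parse_challenge(UNSAFE_RX, benign),
        "benign_safe": parse_challenge(SAFE_RX, benign),
        "unsafe_seconds": time_search(UNSAFE_RX, flood),
        "safe_seconds": time_search(SAFE_RX, flood),
    }


if __name__ == "__main__":
    # Each extra comma roughly doubles the unsafe time; the safe regex stays
    # flat. Keep n small: the unsafe pattern is exponential by design.
    for n in (8, 10, 12, 14, 16):
        r = demo(n)
        print(f"n={n:2d}  unsafe={r['unsafe_seconds']:.4f}s  "
              f"safe={r['safe_seconds']:.6f}s")
```

Both patterns extract the same scheme and realm from a well-formed challenge, which is why this class of bug survives functional tests; only a non-matching input of growing length exposes it. When reviewing a fix for a ReDoS advisory, check that the replacement regex removes the ambiguity (here, the nested unbounded repeat) rather than merely capping input length.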
Hacker One
added 2020/02/20 8:14 p.m. · 116 views

GitHub Security Lab: CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java

This bug was reported directly to GitHub Security Lab...

AI score 1.7
Exploits: 0
OpenVAS
added 2020/02/17 12:00 a.m. · 51 views

Python 2.7.x <= 2.7.17, 3.5 <= 3.5.9, 3.6.x <= 3.6.10, 3.7.x <= 3.7.6, 3.8.x <= 3.8.1 Regular Expression Denial of Service (ReDoS) Vulnerability - Linux

Python is prone to a Regular Expression Denial of Service (ReDoS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 7.1 · AI score 7.4 · EPSS 0.06617
Exploits: 1 · References: 2
OpenVAS
added 2020/02/17 12:00 a.m. · 52 views

Python 2.7.x <= 2.7.17, 3.5 <= 3.5.9, 3.6.x <= 3.6.10, 3.7.x <= 3.7.6, 3.8.x <= 3.8.1 Regular Expression Denial of Service (ReDoS) Vulnerability - Windows

Python is prone to a Regular Expression Denial of Service (ReDoS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 7.1 · AI score 7.4 · EPSS 0.06617
Exploits: 1 · References: 2
OpenVAS
added 2020/02/17 12:00 a.m. · 33 views

Python 2.7.x <= 2.7.17, 3.5 <= 3.5.9, 3.6.x <= 3.6.10, 3.7.x <= 3.7.6, 3.8.x <= 3.8.1 Regular Expression Denial of Service (ReDoS) Vulnerability - Mac OS X

Python is prone to a Regular Expression Denial of Service (ReDoS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 7.1 · AI score 7.4 · EPSS 0.06617
Exploits: 1 · References: 2
RedhatCVE
added 2020/02/03 2:35 a.m. · 39 views

CVE-2018-3737

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...

CVSS 7.5 · AI score 2.7 · EPSS 0.01738
Exploits: 1 · References: 1