3332 matches found
Design/Logic Flaw
An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...
CVE-2018-20164
An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...
CVE-2018-20164
The CVE-2018-20164 entry describes a Regular Expression Denial of Service (ReDoS) in UA-Parser UAP-Core prior to 0.6.0. Affected component is the regex.yaml/regexes.yaml logic used to parse User-Agent strings; the vulnerability allows an attacker to overload a server by sending HTTP(S) requests w...
CVE-2019-6986
CVE-2019-6986 describes a SPARQL Injection in VIVO Vitro v1.10.0 where a remote attacker can craft a request to the endpoint “/individual?uri=” to execute arbitrary SPARQL, leading to a Regular Expression Denial of Service (ReDoS) via crafted FILTER%20regex usage. Affected product/component: VIVO...
Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies
tough-cookie is vulnerable to a regular expression denial of service (ReDoS) attack. The vulnerability exists because the COOKIEPAIR regular expression used to parse the cookies causes unlimited repetitions when matching input characters. By using a large cookie string, attackers can make the process...
Denial Of Service (DoS)
minimatch is vulnerable to a Regular Expression Denial Of Service (ReDoS) attack. An attacker can pass a string value to the minimatch(path, pattern) function to cause a ReDoS...
Regular Expression Denial Of Service (ReDoS)
tcl is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists as the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause...
UA-Parser Denial Of Service
X41 D-SEC GmbH Security Advisory: X41-2018-009 ReDoS Vulnerability in UA-Parser. Severity Rating: Medium. Confirmed Affected Versions: 2015-05-14 and newer, commit 6fd6c261274254bcbbacd77ef4b12534c7f9923d Confirmed...
Regular Expression Denial of Service
Overview Versions of underscore.string prior to 3.3.5 are vulnerable to Regular Expression Denial of Service (ReDoS). The function unescapeHTML is vulnerable to ReDoS due to an overly-broad regex. The slowdown is approximately 2s for 50,000 characters but grows exponentially with larger inputs...
GHSA-QHV9-728R-6JQG ReDoS via long string of semicolons in tough-cookie
Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header. Recommendation Update to version 2.3.0 or later...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service (ReDoS). A remote attacker is able to cause a denial of service condition through a specially crafted user-agent...
GHSA-8462-Q7X7-G2X4 js-bson vulnerable to REDoS
The MongoDB bson JavaScript module, also known as js-bson, versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString function is called to parse a long untrusted string...
Regular Expression Denial Of Service (ReDoS)
devise-security is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists due to the usage of a vulnerable regular expression that allows a malicious string to cause a ReDoS attack when parsed...
Regular Expression Denial Of Service (ReDoS)
lodash is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The library uses a regular expression that does not properly handle processing a large amount of characters, allowing a malicious user to cause a ReDoS...
Regular Expression Denial Of Service (ReDoS)
is-url is vulnerable to regular expression denial of service (ReDoS). An attacker is able to create a denial of service condition on the server via a specially crafted URL...
Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855)
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs. The "semver" module is vulnerable to regular expression denial of service (ReDoS) when extremely long version strings...
Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Two ReDoS vulnerabilities in modules included in the Node.js n...
method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header
Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header. Recommendation Update to version 2.3.10 or later...