3336 matches found
CVE-2016-10540
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...
Code injection
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...
CVE-2016-10521
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator...
CVE-2016-10520
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in...
CVE-2015-9239
CVE-2015-9239 affects the ansi2html package and is a regular expression denial of service (ReDoS) vulnerability triggered by certain types of user input. The connected advisories document a PoC and confirm the issue, with CVSS v3.1 base score 7.5 (HIGH) and High availability impact per the NVD en...
CVE-2016-10540
CVE-2016-10540 refers to Minimatch (node) where the function minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS through the pattern parameter. The connected IBM security bulletin reiterates the same description and CVSS base score of 7.5, noting multiple related CVEs b...
CVE-2016-10520
CVE-2016-10520 affects the jadedown package and is a Regular Expression Denial of Service (ReDoS) vulnerability triggered by certain user inputs. The connected GHSA advisory provides a PoC-style example illustrating a crafted input causing prolonged blocking, and notes the issue was identified in...
CVE-2015-9239
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in...
marked npm module "heading" ReDoS
This module exploits a Regular Expression Denial of Service vulnerability in the npm module "marked". The vulnerable portion of code that this module targets is in the "heading" regular expression. Web applications that use "marked" for generating HTML from Markdown are vulnerable. Versions up to...
Regular Expression Denial Of Service (ReDoS)
clean-css is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists due to the use of a vulnerable regex pattern; matching it against a malicious string could result in a ReDoS attack...
CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later, so this vulnerability impacts all versions of Node.js 4.x only. The regular expression, splitPathRe, used within the...
CVE-2018-7158
CVE-2018-7158: Node.js path module ReDoS vulnerability affecting the 4.x release line; crafted file paths in path.dirname, path.extname, path.parse can cause excessive evaluation time. Fixed in Node.js 6.x+; IBM advisories for IBM SDK for Node.js (6.x and 8.x) indicate remediation via upgrading t...