
3336 matches found

OSV
added 2018/05/31 8:29 p.m., 20 views

CVE-2016-10540

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...

7.5 CVSS, 7.7 AI score
Exploits: 0, References: 1
UbuntuCve
added 2018/05/31 8:29 p.m., 35 views

CVE-2016-10540

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...

7.5 CVSS, 7.1 AI score, 0.01743 EPSS
Exploits: 1, References: 3
Prion
added 2018/05/31 8:29 p.m., 20 views

Code injection

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...

5 CVSS, 6.5 AI score, 0.01743 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2018/05/31 8:29 p.m., 25 views

CVE-2016-10521

jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator...

7.5 CVSS, 7.4 AI score, 0.01093 EPSS
Exploits: 0, References: 1
NVD
added 2018/05/31 8:29 p.m., 22 views

CVE-2016-10520

jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in...

7.5 CVSS, 7.4 AI score, 0.01151 EPSS
Exploits: 1, References: 1
Cvelist
added 2018/05/31 8:00 p.m., 22 views

CVE-2016-10521

jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator...

7.4 AI score, 0.01093 EPSS
Exploits: 0, References: 1
CVE
added 2018/05/31 8:00 p.m., 51 views

CVE-2015-9239

CVE-2015-9239 affects the ansi2html package and is a regular expression denial of service (ReDoS) vulnerability triggered by certain types of user input. The connected advisories document a PoC and confirm the issue, with CVSS v3.1 base score 7.5 (HIGH) and High availability impact per the NVD en...

7.5 CVSS, 7.4 AI score, 0.01151 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2018/05/31 8:00 p.m., 24 views

CVE-2016-10520

jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in...

7.4 AI score, 0.01151 EPSS
Exploits: 1, References: 1
Cvelist
added 2018/05/31 8:00 p.m., 25 views

CVE-2016-10540

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...

7.4 AI score, 0.01743 EPSS
Exploits: 1, References: 1
CVE
added 2018/05/31 8:00 p.m., 94 views

CVE-2016-10540

CVE-2016-10540 refers to Minimatch (node) where the function minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS through the pattern parameter. The connected IBM security bulletin reiterates the same description and CVSS base score of 7.5, noting multiple related CVEs b...

7.5 CVSS, 7.3 AI score, 0.01743 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2018/05/31 8:00 p.m., 52 views

CVE-2016-10520

CVE-2016-10520 affects the jadedown package and is a Regular Expression Denial of Service (ReDoS) vulnerability triggered by certain user inputs. The connected GHSA advisory provides a PoC-style example illustrating a crafted input causing prolonged blocking, and notes the issue was identified in...

7.5 CVSS, 7.4 AI score, 0.01151 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2018/05/31 8:00 p.m., 22 views

CVE-2015-9239

ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in...

7.4 AI score, 0.01151 EPSS
Exploits: 1, References: 1
Debian CVE
added 2018/05/31 8:00 p.m., 28 views

CVE-2016-10540

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...

7.5 CVSS, 7.5 AI score, 0.01743 EPSS
Exploits: 1
Metasploit
added 2018/05/31 6:33 p.m., 25 views

marked npm module "heading" ReDoS

This module exploits a Regular Expression Denial of Service vulnerability in the npm module "marked". The vulnerable portion of code that this module targets is in the "heading" regular expression. Web applications that use "marked" for generating html from markdown are vulnerable. Versions up to...

7.5 AI score
Exploits: 2
Veracode
added 2018/05/31 4:32 a.m., 11 views

Regular Expression Denial Of Service (ReDoS)

clean-css is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists due to the use of a vulnerable regex pattern where using it to match a malicious string could result in a ReDoS attack...

6.4 AI score
Exploits: 0
NVD
added 2018/05/17 2:29 p.m., 24 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later, so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

7.5 CVSS, 7.5 AI score, 0.03381 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2018/05/17 2:29 p.m., 34 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later, so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

7.5 CVSS, 6.9 AI score, 0.03381 EPSS
Exploits: 0, References: 1
OSV
added 2018/05/17 2:29 p.m., 30 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later, so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

7.5 CVSS, 7.2 AI score
Exploits: 0, References: 1
CVE
added 2018/05/17 2:00 p.m., 108 views

CVE-2018-7158

CVE-2018-7158: Node.js path module ReDoS vulnerability affecting the 4.x release line; crafted file paths in path.dirname, path.extname, path.parse can cause excessive evaluation time. Fixed in Node.js 6.x+; IBM advisories for IBM SDK for Node.js (6.x and 8.x) indicate remediation via upgrading t...

7.5 CVSS, 7.8 AI score, 0.03381 EPSS
Exploits: 0, References: 1, Affected Software: 1
AlpineLinux
added 2018/05/17 2:00 p.m., 44 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later, so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

7.5 CVSS, 7.5 AI score, 0.03381 EPSS
Exploits: 0