3332 matches found
Regular Expression Denial of Service
Overview: Versions of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. Recommendation: Update to version 1.4.1, 2.17.2 or later. References - GitHub PR 159 - GitHub Commit b3051b2 - HackerOne Report - GitHub Advis...
CVE-2018-1109
A vulnerability was found in nodejs-braces. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks. The highest threat from this vulnerability is system availability...
Regular Expression Denial Of Service (ReDoS)
sshpk is vulnerable to Regular expression Denial of Service (ReDoS). Due to a weak regular expression used for public keys, attackers are able to pass a malicious public key string, leading to a huge performance slowdown...
Regular Expression Denial Of Service (ReDoS)
protobufjs is vulnerable to regular expression denial of service ReDoS. The attack can be triggered when the attacker parses or loads .proto file sources using malicious file or regex or string...
node.js -- multiple vulnerabilities
Node.js reports: Node.js Inspector DNS rebinding vulnerability CVE-2018-7160 Node.js 6.x and later include a debugger protocol also known as "inspector" that can be activated by the --inspect and related command line flags. This debugger service was vulnerable to a DNS rebinding attack which coul...
Regular Expression Denial of Service in ssri
Versions of ssri prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode. Recommendation: Update to version 5.2.2 or later...
Regular Expression Denial Of Service (ReDoS)
Django is vulnerable to regular expression denial of service ReDoS attacks. The application takes more than linear time when certain strings are passed to the text truncating function, resulting in a DoS...
Regular Expression Denial Of Service (ReDoS)
Django is vulnerable to regular expression denial of service attacks. The application takes more than linear time when certain strings are passed to the urlize function, resulting in an application crash...
GHSA-6JQP-J69Q-PM62 AWS Lambda parser is vulnerable to Regular Expression Denial of Service
index.js in the aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service ReDoS issue via a crafted multipart/form-data boundary string...
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
index.js in the aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service ReDoS issue via a crafted multipart/form-data boundary string...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to regular expression denial of service (ReDoS) attacks. The application takes more than linear time when scanning certain strings, resulting in a DoS...
Regular Expression Denial Of Service (ReDoS)
aws-lambda-multipart-parser is vulnerable to regular expression denial of service (ReDoS) attacks. These attacks are possible through a multipart/form-data boundary string and allow attackers to inject and execute arbitrary code...
Design/Logic Flaw
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service ReDoS issue via a crafted multipart/form-data boundary string...
CVE-2018-7560
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service ReDoS issue via a crafted multipart/form-data boundary string...
CVE-2018-7560
The CVE-2018-7560 issue affects the npm package aws-lambda-multipart-parser prior to version 0.1.2 by Anton Myshenin. The vulnerability is a Regular Expression Denial of Service (ReDoS) in index.js triggered by specially crafted multipart/form-data boundary strings, potentially enabling a denial ...
Node.js third-party modules: `foreman` is vulnerable to ReDoS in path
I would like to report ReDoS in foreman. It allows to cause denial of service by supplying a crafted path. Module module name: foreman version: 2.0.0 npm page: https://www.npmjs.com/package/foreman Module Description Node Foreman is a Node.js version of the popular Foreman tool, with a few Node...
Node.js third-party modules: `useragent` is vulnerable to ReDoS in user-agent string
Denial of Service by passing crafted user-agent strings...
Regular Expression Denial Of Service (ReDoS)
eslint is vulnerable to regular expression denial of service ReDoS attacks. These attacks are possible because there is catastrophic backtracking in the regex used to interpolate keys from an object in markers...