3332 matches found
Node.js third-party modules: `rgb2hex` is vulnerable to ReDoS when parsing crafted invalid colors
I would like to report a ReDoS in rgb2hex. It allows causing Denial of Service by trying to parse a crafted color string. Module module name: rgb2hex version: 0.1.0 npm page: https://www.npmjs.com/package/rgb2hex Module Description Parse any rgb or rgba string into a hex color. Lightweight...
Node.js third-party modules: `sshpk` is vulnerable to ReDoS when parsing crafted invalid public keys
I would like to report a ReDoS in sshpk. It allows causing Denial of Service by trying to parse a crafted public key. Module module name: sshpk version: 1.13.1 npm page: https://www.npmjs.com/package/sshpk Module Description Parse, convert, fingerprint and use SSH keys both public and private in...
Node.js third-party modules: `protobufjs` is vulnerable to ReDoS when parsing crafted invalid *.proto files
I would like to report a ReDoS in protobufjs. It allows causing Denial of Service by trying to parse or load a crafted .proto file. Module module name: protobufjs version: 6.8.5 npm page: https://www.npmjs.com/package/MODULE NAME Module Description Protocol Buffers are a language-neutral,...
Regular Expression Denial Of Service (ReDoS)
bassmaster is vulnerable to regular expression denial of service (ReDoS) attacks. These attacks are possible because the regex which is used for checking pipelines for valid URLs can be given an extremely large string to make the application hang...
Regular Expression Denial Of Service (ReDoS)
is-my-json-valid is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a string through the email field to cause a ReDoS during email validation...
Regular Expression Denial Of Service (ReDoS)
ssri is vulnerable to regular expression denial of service (ReDoS) attacks. If an application is using the `opts.strict` option, attackers can inject extremely long base64 hash strings to cause the application to hang...
Regular Expression Denial Of Service (ReDoS)
node-forge is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is caused by a weak choice of regular expression (regex) groups and allows a given string to cause a huge performance slowdown...
Node.js third-party modules: Regular Expression Denial of Service (ReDoS)
The issue was already fixed. Module: is-my-json-valid Summary: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression `/^\S+@\S+$/` in order to validate emails. This can cause an impact of about 10 seconds matching time f...
CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
GHSA-832H-XG76-4GV6 ReDoS in brace-expansion
Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition. Proof of Concept: `var expand = require('brace-expansion'); expand(',,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n');` Recommendation: Update to...
ReDoS in brace-expansion
Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition. Proof of Concept: `var expand = require('brace-expansion'); expand(',,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n');` Recommendation: Update to...
Code injection
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
CVE-2017-18077
CVE-2017-18077 : The brace-expansion package’s index.js is vulnerable to a Regular Expression Denial of Service (ReDoS) when given an expand argument with many comma characters. Affected: brace-expansion prior to 1.1.7. Impact and exploit details are documented in the connected sources. Remediati...
Moderate severity vulnerability that affects marked
Withdrawn: This advisory has been withdrawn, per NVD: "This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue." Original Description: A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package tested on...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker can pass a string value to the `getOS` function to cause a ReDoS...
ua-parser-js npm module ReDoS
This module exploits a Regular Expression Denial of Service vulnerability in the npm module "ua-parser-js". Server-side applications that use "ua-parser-js" for parsing the browser user-agent string will be vulnerable if they call the "getOS" or "getResult" functions. This vulnerability was fixed...