Lucene search

3332 matches found

Veracode
added 2017/07/27 2:22 a.m. | 19 views

Regular Expression Denial Of Service (ReDoS)

Moodle is vulnerable to Regular Expression Denial Of Service (ReDoS) attacks. The attacks can be triggered because of the use of a non-optimal regular expression in the URLs filter in filter/urltolink/filter.php, causing high CPU consumption during URL conversion...

6.8 CVSS | 5.9 AI score | 0.0224 EPSS
Exploits 0 | References 4 | Affected Software 1
Node.js
added 2017/04/25 6:7 p.m. | 51 views

ReDoS

Overview Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition. Proof of Concept var expand = require'brace-expansion'; expand',,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n'; Recommendation...

8.8 AI score
Exploits 0 | Affected Software 1
Veracode
added 2017/04/17 2:34 a.m. | 13 views

Regular Expression Denial Of Service (ReDoS)

decamelize is vulnerable to denial of service (DoS) attacks. These attacks are possible through the regular expression used to identify camel case names. If an attacker uses the | character, they are able to add to the regular expression and consume the CPU...

7.5 CVSS | 7.2 AI score | 0.01455 EPSS
Exploits 0 | References 3 | Affected Software 1
Veracode
added 2017/04/10 9:33 a.m. | 15 views

Regular Expression Denial Of Service (ReDoS)

brace-expansion is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a string containing a large number of commas to cause the package to hang...

7.5 CVSS | 7.3 AI score | 0.0263 EPSS
Exploits 1 | References 2 | Affected Software 2
Node.js
added 2017/03/06 10:27 p.m. | 76 views

ReDoS via long UserAgent header

Overview: Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation: No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...

5 CVSS | 4.3 AI score | 0.09242 EPSS
Exploits 2 | Affected Software 1
OSV
added 2017/01/23 9:59 p.m. | 2 views

DEBIAN-CVE-2016-4055

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."...

6.5 CVSS | 6.8 AI score | 0.09905 EPSS
Exploits 1 | References 1
Prion
added 2017/01/23 9:59 p.m. | 20 views

Design/Logic Flaw

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

7.8 CVSS | 6.8 AI score | 0.06768 EPSS
Exploits 1 | References 4 | Affected Software 1
UbuntuCve
added 2017/01/23 9:59 p.m. | 20 views

CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."...

7.8 CVSS | 7.1 AI score | 0.02358 EPSS
Exploits 1 | References 1
NVD
added 2017/01/23 9:59 p.m. | 18 views

CVE-2015-8315

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

7.8 CVSS | 7.3 AI score | 0.06768 EPSS
Exploits 1 | References 4
CVE
added 2017/01/23 9:0 p.m. | 67 views

CVE-2015-8858

CVE-2015-8858 : The vulnerability affects the uglify-js package before 2.6.0 used in Node.js, where a crafted input to parse() can trigger a regular expression denial of service (ReDoS) and cause high CPU usage. Root cause is a flaw in the regular expression handling within the parser. Impact is ...

7.8 CVSS | 7.2 AI score | 0.02358 EPSS
Exploits 1 | References 3 | Affected Software 1
CVE
added 2017/01/23 9:0 p.m. | 68 views

CVE-2015-8855

The CVE-2015-8855 entry concerns the semver package for Node.js, where versions before 4.3.2 are vulnerable to a regular expression denial of service (ReDoS) via an excessively long version string. Root cause: an error in the regular expression implementation within semver. Impact: potential CPU ...

7.8 CVSS | 7.1 AI score | 0.06435 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2017/01/23 9:0 p.m. | 97 views

CVE-2015-8315

The Node.js ms module is vulnerable to a regular expression denial of service (ReDoS) when parsing extremely long version strings. This affects versions before 0.7.1 and can cause CPU exhaustion, potentially degrading availability. Multiple sources (NVD entry CVE-2015-8315 and OSS/NVD mirrors, np...

7.8 CVSS | 7.2 AI score | 0.06768 EPSS
Exploits 1 | References 4 | Affected Software 1
Debian CVE
added 2017/01/23 9:0 p.m. | 25 views

CVE-2015-8315

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

7.8 CVSS | 7.4 AI score | 0.06768 EPSS
Exploits 1
Kitploit
added 2016/09/09 2:49 p.m. | 20 views

CodeWarrior - Just Another Manual Code Analysis Tool And Static Analysis Tool

Just another manual code analysis tool and static analysis tool Codewarrior runs at HTTPd with TLS, uses KISS principle https://en.wikipedia.org/wiki/KISSprinciple Directories: web/ = local of javascripts and html and css sources src/ = C source code, this code talking with web socket eggs/ =...

7.3 AI score
Exploits 0 | References 2
Veracode
added 2016/09/09 7:46 a.m. | 7 views

Regular Expression Denial Of Service (ReDoS)

elasticsearch is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can trigger an infinite loop using two successive wildcard characters, which can lead to a denial of service...

6.5 AI score
Exploits 0
w3af
added 2013/06/10 11:2 p.m. | 19 views

redos

This plugin finds ReDoS (regular expression DoS) vulnerabilities as explained here: http://en.wikipedia.org/wiki/ReDoS Plugin type: Audit. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code...

0.4 AI score
Exploits 0
NVD
added 2011/12/29 4:15 a.m. | 11 views

CVE-2011-5021

PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors...

7.5 CVSS | 6.8 AI score | 0.01466 EPSS
Exploits 0 | References 1
Prion
added 2011/12/29 4:15 a.m. | 15 views

Design/Logic Flaw

PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors...

7.5 CVSS | 7.3 AI score | 0.01466 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2011/12/29 2:0 a.m. | 21 views

CVE-2011-5021

PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors...

6.8 AI score | 0.01466 EPSS
Exploits 0 | References 1
CVE
added 2011/12/29 2:0 a.m. | 35 views

CVE-2011-5021

CVE-2011-5021 affects PHPIDS before 0.7. The vulnerability arises from improper implementation of Regular Expression Denial of Service (ReDoS) filters, allowing remote attackers to bypass rulesets and insert PHP sequences into a file via unspecified vectors. Impact is partial confidentiality, int...

7.5 CVSS | 7 AI score | 0.01466 EPSS
Exploits 0 | References 1 | Affected Software 1