3332 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-42836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GJSON before 1.9.3 allows a ReDoS regular expression denial of service attack. CVE-2021-42836 Note that Nessus relies on the presence of the package as reported...
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...
GHSA-MHWM-JH88-3GJF CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ruby2.5 (SUSE-SU-2025:0736-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0736-1 advisory. - CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick bsc1230930 - CVE-2024-49761:...
Security Bulletin: Vulnerability in Cross-Spawn affects watsonx.data
Summary Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS . This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denia...
SUSE-SU-2025:0736-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick bsc1230930 - CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml bsc1232440 Other fixes: - ruby/uri Fix quadratic backtracking on invalid relative URI - ruby/time Make...
PT-2025-8695
Name of the Vulnerable Software and Affected Versions CGI gem versions prior to 0.4.2 Description A Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method. This issue can lead to high CPU consumption due to crafted input. The vulnerability affects Ruby...
CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.
There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...
Moderate: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 7 : python3 (RHSA-2025:1750)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1750 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
CVE-2025-25289
A Regular Expression Denial of Service ReDoS vulnerability exists in @octokit/request-error's processing of HTTP request headers. This flaw is triggered by an authorization header containing an excessively long sequence of spaces followed by a newline and "@" symbol, leading to excessive resource...
CVE-2025-25290
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...
CVE-2025-25285
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...
CVE-2025-25288
@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...
CVE-2025-25290
CVE-2025-25290 affects Octokit’s request.js: the code path that parses HTTP Link headers uses an unbounded RegExp (/]+)>; rel="deprecation"/) to match deprecation links. This enables a ReDoS (Regular Expression Denial of Service) by crafted link headers, causing high CPU use and potential serv...
CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...
CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...
CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...