
3332 matches found

Positive Technologies
added 2025/02/14 12:0 a.m., 5 views

PT-2025-7071

Name of the Vulnerable Software and Affected Versions: @octokit/plugin-paginate-rest versions 1.0.0 through 11.4.1 Description: The issue is a Regular Expression Denial of Service (ReDoS) vulnerability that can be triggered when calling octokit.paginate.iterator with a specially crafted octokit...

CVSS 5.3, AI score 6.4, EPSS 0.0058
Exploits: 0, References: 13
Huntr
added 2025/02/11 11:22 a.m., 8 views

Regular expression Denial of Service - ReDoS

Description The preprocessstring function in the transformers.testingutils module uses a regular expression to process code blocks in docstrings. This regular expression has the following structure: codeblockpattern = r"?:python|py\s\n\s ?:.?\n?.?" The segment ?:.?\n?.? contains nested quantifier...

CVSS 7.5, AI score 7.4, EPSS 0.00511
Exploits: 1
OpenVAS
added 2025/02/10 12:0 a.m., 1 view

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1166)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.7, AI score 7.7, EPSS 0.01429
Exploits: 0, References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 7 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1166)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between and x...; ...

CVSS 8.7, AI score 7.5, EPSS 0.01429
Exploits: 0, References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 3 views

EulerOS 2.0 SP11 : python-configobj (EulerOS-SA-2025-1163)

According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using...

CVSS 5.9, AI score 5.5, EPSS 0.01259
Exploits: 1, References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 11 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1147)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between and x...; ...

CVSS 8.7, AI score 7.5, EPSS 0.01429
Exploits: 0, References: 2
RedhatCVE
added 2025/02/05 11:58 p.m., 13 views

CVE-2022-29169

BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using a specific RegularExpression, an attacker can cause denial of service for the bbb-html5...

CVSS 7.5, AI score 6.7, EPSS 0.01449
Exploits: 0, References: 1
RedhatCVE
added 2025/02/05 10:41 p.m., 10 views

CVE-2022-36034

nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of and with many repetitions of |. This issue has been patched in all versions above 0.2.5. There are currently no known workarounds...

CVSS 7.5, AI score 6.7, EPSS 0.00756
Exploits: 0
UbuntuCve
added 2025/02/05 10:15 a.m., 16 views

CVE-2023-6386

A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation...

CVSS 7.5, AI score 5.9, EPSS 0.00492
Exploits: 0, References: 2
Debian CVE
added 2025/02/05 9:31 a.m., 31 views

CVE-2023-6386

Removed by vendor...

CVSS 7.5, AI score 5.8, EPSS 0.00492
Exploits: 0
RedHat Linux
added 2025/02/05 8:58 a.m., 19 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.8

Red Hat OpenShift Service Mesh Containers for 2.5.8 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

CVSS 8.7, AI score 6.7, EPSS 0.00842
Exploits: 0, References: 4
RedhatCVE
added 2025/02/05 6:28 a.m., 5 views

CVE-2024-5552

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes th...

CVSS 7.5, AI score 7.5, EPSS 0.00649
Exploits: 1, References: 1
RedhatCVE
added 2025/02/05 3:3 a.m., 5 views

CVE-2024-6038

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filterhistory function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history...

CVSS 7.5, AI score 7.4, EPSS 0.00652
Exploits: 1, References: 1
Amazon
added 2025/02/05 12:0 a.m., 4 views

Medium: ruby3.2

Issue Overview: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue...

CVSS 5.3, AI score 7.4, EPSS 0.02637
Exploits: 0
Amazon
added 2025/02/05 12:0 a.m., 3 views

Medium: ruby3.2

Issue Overview: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue...

CVSS 5.3, AI score 7.1, EPSS 0.02637
Exploits: 0
OSV
added 2025/02/03 9:1 a.m., 1 view

SUSE-SU-2025:20065-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2024-8088: Fixed a denial of service in zipfile bsc1229704 - CVE-2024-6232: Fixed a ReDos via excessive backtracking while parsing header values bsc1230227 - CVE-2024-7592: Fixed a denial of service in the http.cookies module bsc1229596...

CVSS 8.7, AI score 6.8, EPSS 0.02303
Exploits: 3, References: 7
NVD
added 2025/01/30 5:15 p.m., 9 views

CVE-2025-0367

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack...

CVSS 6.5, EPSS 0.00471
Exploits: 0, References: 1
Vulnrichment
added 2025/01/30 5:4 p.m., 6 views

CVE-2025-0367 Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack...

CVSS 6.5, AI score 6.5, EPSS 0.00471
Exploits: 0, References: 1
Tenable Nessus
added 2025/01/30 12:0 a.m., 6 views

GitLab 10.6 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-1211)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline Redos on Discord integrations Redos on Google Chat Integration Denial of Service Attack via Pin Menu DoS b...

CVSS 8.8, AI score 5.5, EPSS 0.00244
Exploits: 0, References: 4
IBM Security Bulletins
added 2025/01/28 10:8 p.m., 15 views

Security Bulletin: Vulnerable version of path-regexp shipped with IBM Business Automation Workflow - CVE-2024-45296

Summary IBM Business Automation Workflow packages a vulnerable version of path-to-regex in IBM Business Automation Workflow Configuration Editor and the most recent version of Process Admin Console. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a...

CVSS 7.5, AI score 7.1, EPSS 0.00932
Exploits: 0, Affected Software: 2