3332 matches found

IBM Security Bulletins · added 2025/01/28 10:08 p.m. · 23 views

Security Bulletin: IBM Security SOAR is vulnerable to denial of service (CVE-2024-45296)

Summary: IBM Security SOAR was using a UI component which contained a vulnerability that could lead to a client-side regular expression denial of service (CVE-2024-45296). The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later...

CVSS 7.5 · AI score 7.1 · EPSS 0.00932 · Exploits 0 · Affected software 1
IBM Security Bulletins · added 2025/01/28 10:08 p.m. · 22 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz, which are vulnerable to CVE-2024-39338 and CVE-2024-41818

Summary: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz, which are vulnerable to CVE-2024-39338 and CVE-2024-41818. This bulletin contains information regarding the vulnerabilities and their fix. Vulnerability Details: CVEID: CVE-2024-39338 DESCRIPTION: Axios is...

CVSS 7.5 · AI score 7.4 · EPSS 0.01414 · Exploits 2 · Affected software 1
IBM Security Bulletins · added 2025/01/28 10:08 p.m. · 29 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-45296)

Summary: pillarjs Path-to-RegExp is used by IBM DataPower Gateway as part of the DataPower UI (CVE-2024-45296). Vulnerability Details: CVEID: CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending...

CVSS 7.5 · AI score 6.5 · EPSS 0.00932 · Exploits 1 · Affected software 1
OSV · added 2025/01/27 7:20 a.m. · 14 views

BIT-RUBY-MIN-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...

CVSS 7.5 · AI score 7.9 · EPSS 0.03222 · Exploits 1 · References 6
OSV · added 2025/01/27 7:20 a.m. · 11 views

BIT-RUBY-MIN-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

CVSS 5.3 · AI score 6.9 · EPSS 0.02452 · Exploits 0 · References 12
IBM Security Bulletins · added 2025/01/23 9:33 p.m. · 31 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.3.6.gem

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml-3.3.6.gem. Vulnerability Details: CVEID: CVE-2024-49761 DESCRIPTION: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits...

CVSS 8.7 · AI score 6.4 · EPSS 0.01429 · Exploits 0 · Affected software 1
IBM Security Bulletins · added 2025/01/17 5:35 p.m. · 34 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next uses a CKEditor version affected by multiple vulnerabilities

Summary: IBM Engineering Requirements Management DOORS Next uses a CKEditor version vulnerable to CVE-2021-33829 (Cross-site Scripting), CVE-2020-27193 (Cross-site Scripting), CVE-2021-26272 (ReDoS), CVE-2021-41164 (Cross-site Scripting), CVE-2021-26271 (ReDoS), CVE-2021-37695 (Cross-site Scripting),...

CVSS 8.2 · AI score 7.9 · EPSS 0.03189 · Exploits 0 · Affected software 1
OSV · added 2025/01/17 3:05 p.m. · 12 views

BIT-PYTHON-MIN-2024-6232: Regular-expression DoS when parsing TarFile headers

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

CVSS 7.5 · AI score 7.8 · EPSS 0.02203 · Exploits 2 · References 14
OSV · added 2025/01/16 7:23 a.m. · 8 views

BIT-PYTHON-MIN-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

CVSS 7.1 · AI score 6.7 · EPSS 0.06617 · Exploits 1 · References 17
Tenable Nessus · added 2025/01/13 12:00 a.m. · 20 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1014)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header an...

CVSS 8.7 · AI score 7.6 · EPSS 0.01429 · Exploits 0 · References 3
Tenable Nessus · added 2025/01/13 12:00 a.m. · 13 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1031)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header an...

CVSS 8.7 · AI score 7.6 · EPSS 0.01429 · Exploits 0 · References 3
Amazon · added 2025/01/09 12:00 a.m. · 1 view

Medium: nodejs20

Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...

CVSS 8.7 · AI score 6.9 · EPSS 0.00873 · Exploits 0
Tenable Nessus · added 2025/01/09 12:00 a.m. · 13 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2025-796)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-796 advisory. Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the...

CVSS 8.7 · AI score 6.4 · EPSS 0.00873 · Exploits 0 · References 4
Positive Technologies · added 2025/01/07 12:00 a.m. · 2 views

PT-2025-2733 · Ctfd · Ctfd

Name of the Vulnerable Software and Affected Versions: CTFd version 3.7.3. Description: The issue is related to the validate_email function in CTFd/utils/validators/__init__.py, which allows attackers to cause a Regular expression Denial of Service (ReDoS) by providing a crafted string as an email...

CVSS 7.5 · AI score 6.8 · EPSS 0.00707 · Exploits 0 · References 4
OSV · added 2024/12/20 9:50 a.m. · 9 views

BIT-RAILS-2024-26142: Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

CVSS 7.5 · AI score 6.4 · EPSS 0.01498 · Exploits 0 · References 6
Rockylinux · added 2024/12/19 4:19 a.m. · 22 views

ruby:3.1 security update

An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is an...

CVSS 8.7 · AI score 7.2 · EPSS 0.01429 · Exploits 0
Rockylinux · added 2024/12/19 4:18 a.m. · 33 views

ruby:2.5 security update

An update is available for ruby, rubygem-bson, module.rubygem-bson, rubygem-bundler, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-mongo, module.rubygem-bundler, rubygem-pg, module.rubygem-mongo, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8...

CVSS 8.7 · AI score 6.2 · EPSS 0.01429 · Exploits 0
Rockylinux · added 2024/12/19 4:18 a.m. · 17 views

ruby:3.1 security update

An update is available for ruby, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-pg, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 8.7 · AI score 6.2 · EPSS 0.01429 · Exploits 0
OSV · added 2024/12/19 4:18 a.m. · 21 views

RLSA-2024:10850 Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability (CVE-2024-49761). For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.7 · AI score 7.8 · EPSS 0.01429 · Exploits 0 · References 2
BDU FSTEC · added 2024/12/19 12:00 a.m. · 1 view

A vulnerability in the mpmathify function of the mpmath library for Python allows an attacker to trigger a regular expression denial of service (ReDoS).

A vulnerability in the mpmathify function of the mpmath library for the Python programming language is caused by uncontrolled resource consumption. Exploiting it can allow a remote attacker to trigger a denial of service (ReDoS)...

CVSS 7.8 · AI score 7.2 · EPSS 0.041 · Exploits 1 · References 13 · Affected software 4
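Every entry above describes the same mechanism: a pattern whose quantifiers overlap or nest, fed a crafted string that the matcher can split in many ways and that ultimately fails, so the engine retries every split before giving up. The probe below is an added example, not code from any advisory, vendor or project listed on this page; it grows a crafted input against a constructed nested-quantifier pattern and its linear-time rewrite, and flags the pattern whose match time blows a small budget long before the input gets large. The two patterns, the input shape, the budget and the length cap are assumptions chosen for illustration and are not the expressions behind any CVE on this page.

```python
"""Probe a compiled regex for catastrophic backtracking.

Grow a crafted input one character at a time and watch whether match time
explodes while the input is still short. Constructed example: the patterns
and the input shape below are illustrative, not taken from any advisory.
"""
import re
import time

# Constructed patterns that accept the same language (one or more 'a').
# VULNERABLE nests quantifiers, so a failing input forces the engine to try
# every way of splitting the run between the inner and outer '+' before it
# reports no match. HARDENED is the unambiguous rewrite: one way to match.
VULNERABLE = re.compile(r"^(a+)+$")
HARDENED = re.compile(r"^a+$")


def crafted_input(n: int) -> str:
    """n characters the pattern can consume in many ways, followed by a
    character that makes the overall match fail, so every split is retried."""
    return "a" * n + "!"


def time_match(pattern: re.Pattern, text: str, repeats: int = 3) -> float:
    """Best-of-`repeats` wall-clock seconds for a single search of `text`.
    Taking the minimum suppresses scheduler noise without hiding blow-up."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.search(text)
        best = min(best, time.perf_counter() - start)
    return best


def probe(pattern: re.Pattern, budget: float = 0.05, max_len: int = 2000) -> dict:
    """Grow the crafted input from 1 to `max_len` characters.

    A linear-time pattern reaches `max_len` with every match well inside
    `budget`; a backtracking pattern exceeds the budget after a few dozen
    characters. Returns where the probe stopped and whether that is
    suspicious. `budget` (seconds) and `max_len` are illustrative defaults.
    """
    elapsed = 0.0
    for n in range(1, max_len + 1):
        elapsed = time_match(pattern, crafted_input(n))
        if elapsed > budget:
            return {"suspicious": True, "length": n, "seconds": elapsed}
    return {"suspicious": False, "length": max_len, "seconds": elapsed}


if __name__ == "__main__":
    for name, pat in (("VULNERABLE", VULNERABLE), ("HARDENED", HARDENED)):
        print(f"{name:10} {pat.pattern!r:12} -> {probe(pat)}")
```

Run as a script it reports the length at which the nested pattern blew the budget (a few dozen characters) beside the rewrite reaching the cap untroubled. For an audit of a real project, substitute its compiled pattern and an input shaped like what its parser actually consumes (an email address, an Accept header, a tar header field); a `suspicious` result means the pattern needs an unambiguous rewrite, or the input length must be bounded, before it sees untrusted data.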