
3332 matches found

Tenable Nessus
added 2024/12/05 12:0 a.m., 15 views

RHEL 8 : ruby:3.1 (RHSA-2024:10834)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10834 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

8.7 CVSS, 7.5 AI score, 0.01429 EPSS
Exploits 0, References 4

OSV
added 2024/12/05 12:0 a.m., 17 views

ALSA-2024:10850 Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

8.7 CVSS, 7.7 AI score, 0.01429 EPSS
Exploits 0, References 4

NVD
added 2024/12/04 12:15 p.m., 17 views

CVE-2024-54157

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector...

6.5 CVSS, 0.00561 EPSS
Exploits 0, References 1

Cvelist
added 2024/12/04 11:16 a.m., 14 views

CVE-2024-54157

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector...

4.3 CVSS, 0.00561 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/12/04 11:16 a.m., 10 views

CVE-2024-54157

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector...

4.3 CVSS, 7.1 AI score, 0.00561 EPSS
Exploits 0, References 1

CVE
added 2024/12/04 11:16 a.m., 69 views

CVE-2024-54157

JetBrains YouTrack before 2024.3.52635 is affected by a potential ReDoS due to a vulnerable RegExp in the Ruby syntax detector. The issue is caused by an inefficient regular expression in the Ruby syntax detector component, enabling a Denial of Service under certain inputs. Affected version set i...

6.5 CVSS, 6.9 AI score, 0.00561 EPSS
Exploits 0, References 1, Affected Software 1

Huntr
added 2024/12/03 10:12 a.m., 13 views

Regular expression Denial of Service - ReDoS

Description: A Regular Expression Denial of Service (ReDoS) vulnerability identified in the Transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single function, where a regular expression processes specially crafted input. The issue...

7.5 CVSS, 6.2 AI score, 0.00642 EPSS
Exploits 0

Hacker One
added 2024/12/02 2:57 a.m., 14 views

Internet Bug Bounty: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

A possible ReDoS vulnerability was discovered in the query parameter filtering routines of Action Dispatch in Ruby on Rails. The vulnerability was assigned the CVE identifier CVE-2024-41128. Versions affected were less than 8.0.0.beta1. The issue was addressed in fixed versions 7.2.1.1, 7.1.4.1,...

8.7 CVSS, 7.1 AI score, 0.01103 EPSS
Exploits 0

SUSE CVE
added 2024/11/28 4:8 a.m., 1 views

SUSE CVE-2024-21538

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

5.5 CVSS, 9.4 AI score, 0.00873 EPSS
Exploits 0, References 11

RedhatCVE
added 2024/11/25 8:54 p.m., 40 views

CVE-2024-21538

A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string...

4.4 CVSS, 6.5 AI score, 0.00873 EPSS
Exploits 0, References 7

OSV
added 2024/11/19 5:15 a.m., 12 views

CVE-2024-21539

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...

7.5 CVSS, 6.7 AI score
Exploits 0, References 2

OSV
added 2024/11/15 8:47 p.m., 15 views

GHSA-7Q7G-4XM8-89CQ Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

Crafting a very large and well crafted string can increase the CPU usage and crash the program. POC (js): const { ConfigCommentParser } = require("@eslint/plugin-kit"); var str = ""; for (var i = 0; i < 1000000; i++) { str += " "; } str += "A"; console.log("start"); var parser = new ConfigCommentParser();...

3.5 CVSS, 7.3 AI score, 0.00482 EPSS
Exploits 0, References 5

OSV
added 2024/11/15 12:20 p.m., 5 views

OESA-2024-2411 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests...

8.7 CVSS, 7 AI score, 0.01103 EPSS
Exploits 0, References 3

OSV
added 2024/11/15 12:19 p.m., 3 views

OESA-2024-2383 rubygem-actionmailer security update

Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. Security Fixes: Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5,...

8.7 CVSS, 6.8 AI score, 0.00944 EPSS
Exploits 0, References 2

OSV
added 2024/11/14 10:44 p.m., 9 views

GHSA-PJWM-CR36-MWV3 ReDoS in giskard's transformation.py (GHSL-2024-324)

ReDoS in Giskard text perturbation detector A Remote Code Execution ReDoS vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation...

6.9 CVSS, 6.8 AI score, 0.00784 EPSS
Exploits 0, References 4

Vulnrichment
added 2024/11/14 5:21 p.m., 19 views

CVE-2024-52524 ReDoS in Giskard Scan text perturbation

Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution ReDoS vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential...

6.9 CVSS, 7.7 AI score, 0.00784 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/11/14 12:0 a.m., 8 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-757)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-757 advisory. There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted...

7.5 CVSS, 6.9 AI score, 0.02203 EPSS
Exploits 2, References 4

Amazon
added 2024/11/14 12:0 a.m., 4 views

Important: python3.11

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3.11 Issue Correction: Ru...

7.5 CVSS, 9.7 AI score, 0.02203 EPSS
Exploits 2

Amazon
added 2024/11/14 12:0 a.m., 2 views

Important: python3.11

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3.11 Issue Correction: Ru...

7.5 CVSS, 6.9 AI score, 0.02203 EPSS
Exploits 2

Tenable Nessus
added 2024/11/14 12:0 a.m., 9 views

Fedora 41 : php-tcpdf (2024-b00678c08a)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b00678c08a advisory. Version 6.7.7 2024-10-26 - Update regular expression to avoid ReDoS CVE-2024-22641 - PHP 8.4 Fix: Curl CURLOPT_BINARYTRANSFER deprecated 675 - SVG detection f...

7.5 CVSS, 7.4 AI score, 0.01113 EPSS
Exploits 1, References 2