
3332 matches found

Github Security Blog
added 2024/09/09 8:19 p.m., 154 views

path-to-regexp outputs backtracking regular expressions

Impact: A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b. Patches: For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

7.5 CVSS | 7.3 AI score | 0.00932 EPSS
Exploits 0 | References 10 | Affected Software 1
RedhatCVE
added 2024/09/03 8:40 p.m., 33 views

CVE-2024-6232

A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive. Mitigation: Mitigation for this issue is either n...

7.5 CVSS | 7.2 AI score | 0.02203 EPSS
Exploits 2 | References 6
NVD
added 2024/09/03 1:15 p.m., 32 views

CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5 CVSS | 0.02203 EPSS
Exploits 2 | References 13
OSV
added 2024/09/03 1:15 p.m., 5 views

AZL-48585 CVE-2024-6232 affecting package python3 for versions less than 3.9.19-5

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5 CVSS | 6.8 AI score | 0.02203 EPSS
Exploits 2 | References 1
OSV
added 2024/09/03 1:15 p.m., 1 views

DEBIAN-CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5 CVSS | 6.7 AI score | 0.02203 EPSS
Exploits 2 | References 1
OSV
added 2024/09/03 1:15 p.m., 5 views

UBUNTU-CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5 CVSS | 6.8 AI score | 0.02203 EPSS
Exploits 2 | References 8
Vulnrichment
added 2024/09/03 12:29 p.m., 26 views

CVE-2024-6232 Regular-expression DoS when parsing TarFile headers

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

6.8 AI score | 0.02203 EPSS
Exploits 2 | References 10
CVE
added 2024/09/03 12:29 p.m., 612 views

CVE-2024-6232

CVE-2024-6232 affects CPython: tarfile.TarFile header parsing RegEx backtracking causes a ReDoS, with a base score of 7.5 (HIGH). Attack vector is NETWORK and requires no privileges or user interaction. Impact is listed as Availability impact being HIGH; Confidentiality/Integrity are NONE. The is...

7.5 CVSS | 7.8 AI score | 0.02203 EPSS
Exploits 2 | References 13 | Affected Software 1
Cvelist
added 2024/09/03 12:29 p.m., 33 views

CVE-2024-6232 Regular-expression DoS when parsing TarFile headers

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

0.02203 EPSS
Exploits 2 | References 10
AlpineLinux
added 2024/09/03 12:29 p.m., 36 views

CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5 CVSS | 8 AI score | 0.02203 EPSS
Exploits 2
OSV
added 2024/09/03 12:29 p.m., 12 views

PSF-2024-11

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5 CVSS | 7 AI score | 0.02203 EPSS
Exploits 2 | References 10
Debian CVE
added 2024/09/03 12:29 p.m., 21 views

CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5 CVSS | 6.7 AI score | 0.02203 EPSS
Exploits 2
Veracode
added 2024/09/03 6:40 a.m., 5 views

Regular Expression Denial Of Service (ReDoS)

urlregex is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to inefficient handling of regular expressions in the index.js file of the Backtracking component in nescalante urlregex, allowing an attacker to induce performance degradation or resource exhaustion...

7.5 CVSS | 6.6 AI score | 0.00795 EPSS
Exploits 1 | References 6 | Affected Software 1
Positive Technologies
added 2024/09/03 12:00 a.m., 3 views

PT-2024-7545

Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified). Description: The issue is related to regular expressions used in tarfile.TarFile header parsing, which can cause excessive backtracking and are vulnerable to ReDoS via specifically-crafted tar archives...

7.8 CVSS | 6.8 AI score | 0.02203 EPSS
Exploits 2 | References 372
Vulnrichment
added 2024/09/02 4:00 p.m., 12 views

CVE-2020-36830 nescalante urlregex Backtracking index.js redos

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...

5.3 CVSS | 7 AI score | 0.00795 EPSS
Exploits 1 | References 5
Cvelist
added 2024/09/02 4:00 p.m., 28 views

CVE-2020-36830 nescalante urlregex Backtracking index.js redos

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...

5.3 CVSS | 0.00795 EPSS
Exploits 1 | References 5
Vulnrichment
added 2024/09/02 2:00 p.m., 17 views

CVE-2023-7279 Secure Systems Engineering Connaisseur Delegation Name targets_schema.json redos

A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular...

2.6 CVSS | 7 AI score | 0.00537 EPSS
Exploits 0 | References 5
Packet Storm
added 2024/08/31 12:00 a.m., 190 views

marked npm module heading ReDenial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'marked npm module "heading" ReDoS', 'Description' = %q This module exploits a Regular Expression Denial of Service vulnerability in the npm modul...

7 AI score
Exploits 2
Packet Storm
added 2024/08/31 12:00 a.m., 231 views

Metasploit HTTP(S) handler Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metasploit HTTPS handler DoS', 'Description' = %q This module exploits the Metasploit HTTPS handler by sending a specially crafted HTTP request...

7.5 CVSS | 7.1 AI score | 0.41688 EPSS
Exploits 2
OSV
added 2024/08/10 7:28 a.m., 19 views

BIT-GITLAB-2024-2800 Uncontrolled Resource Consumption in GitLab

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...

7.5 CVSS | 6.5 AI score | 0.00675 EPSS
Exploits 0 | References 3