3332 matches found

IBM Security Bulletins (added 2024/08/08 8:4 p.m., 22 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to regular expression denial of service due to Rack (CVE-2023-27539)

Summary: Rack is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-27539. Vulnerability Details: CVEID: CVE-2023-27539. DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the header parsing component. By sending a...

CVSS 5.3 | AI score 7.1 | EPSS 0.01063 | Exploits 0 | Affected software 1
IBM Security Bulletins (added 2024/08/08 8:1 p.m., 16 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js semver (CVE-2022-25883)

Summary: Node.js semver is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25883. Vulnerability Details: CVEID: CVE-2022-25883. DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the new Range...

CVSS 7.5 | AI score 8 | EPSS 0.02475 | Exploits 1 | Affected software 1
NVD (added 2024/08/08 11:15 a.m., 19 views)

CVE-2024-2800

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...

CVSS 7.5 | EPSS 0.00675 | Exploits 0 | References 2
UbuntuCve (added 2024/08/08 11:15 a.m., 13 views)

CVE-2024-2800

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...

CVSS 7.5 | AI score 5.9 | EPSS 0.00675 | Exploits 0 | References 3
CVE (added 2024/08/08 10:31 a.m., 68 views)

CVE-2024-2800

CVE-2024-2800 describes a ReDoS vulnerability in GitLab's RefMatcher when matching branch names with wildcards, affecting GitLab CE/EE versions 11.3 up to 17.0.6, 17.1 up to 17.1.4, and 17.2 up to 17.2.2. The underlying issue is regex backtracking leading to denial of service. Several connected s...

CVSS 7.5 | AI score 6.2 | EPSS 0.00675 | Exploits 0 | References 2 | Affected software 1
Cvelist (added 2024/08/08 10:31 a.m., 32 views)

CVE-2024-2800 Uncontrolled Resource Consumption in GitLab

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...

CVSS 6.5 | EPSS 0.00675 | Exploits 0 | References 2
Debian CVE (added 2024/08/08 10:31 a.m., 17 views)

CVE-2024-2800

Removed by vendor...

CVSS 7.5 | AI score 5.8 | EPSS 0.00675 | Exploits 0
OSV (added 2024/08/08 10:31 a.m., 13 views)

CVE-2024-2800 Uncontrolled Resource Consumption in GitLab

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...

CVSS 6.5 | AI score 6.2 | EPSS 0.00675 | Exploits 0 | References 5
Tenable Nessus (added 2024/08/08 12:0 a.m., 14 views)

GitLab 11.3 < 17.0.6 / 17.1 < 17.1.4 / 17.2 < 17.2.2 (CVE-2024-2800)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of...

CVSS 7.5 | AI score 5.5 | EPSS 0.00675 | Exploits 0 | References 4
FreeBSD (added 2024/08/07 12:0 a.m., 25 views)

Gitlab -- Vulnerabilities

Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access; Cross project access of Security policy bot; Advanced search ReDOS in highlight for code results; Denial of Service via banzai pipeline; Denial of service using adoc files; ReDoS in RefMatcher when matching...

CVSS 8.1 | AI score 7.3 | EPSS 0.00675 | Exploits 1 | References 1
Tenable Nessus (added 2024/08/07 12:0 a.m., 26 views)

FreeBSD : Gitlab -- Vulnerabilities (729008b9-54bf-11ef-a61b-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 729008b9-54bf-11ef-a61b-2cf05da270f3 advisory. Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access...

CVSS 8.1 | AI score 5.7 | EPSS 0.00675 | Exploits 1 | References 13
IBM Security Bulletins (added 2024/08/01 3:33 p.m., 34 views)

Security Bulletin: Cloud Pak System is vulnerable to Node.js ReDoS (CVE-2022-25883)

Summary: ReDoS vulnerability found in semver Node.js package affects Cloud Pak System. IBM Cloud Pak System Software has addressed this vulnerability. Vulnerability Details: CVEID: CVE-2022-25883. DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression...

CVSS 7.5 | AI score 7.3 | EPSS 0.02475 | Exploits 1 | Affected software 1
RedhatCVE (added 2024/07/31 8:19 a.m., 31 views)

CVE-2024-41818

A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition...

CVSS 7.5 | AI score 6.3 | EPSS 0.00828 | Exploits 1 | References 6
Github Security Blog (added 2024/07/29 5:46 p.m., 50 views)

fast-xml-parser vulnerable to ReDoS at currency parsing

Summary: A ReDoS that exists in currency.js was discovered by the Gauss Security Labs R&D team. Details: https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex. PoC: pass the following string: '\t'.repeat(13337) + '.' Impact: Denial o...

CVSS 7.5 | AI score 7.4 | EPSS 0.00828 | Exploits 1 | References 6 | Affected software 1
Vulnrichment (added 2024/07/29 3:56 p.m., 23 views)

CVE-2024-41818 ReDoS at currency parsing in fast-xml-parser

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS exists in currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5 | AI score 7.3 | EPSS 0.00828 | Exploits 1 | References 4
CVE (added 2024/07/29 3:56 p.m., 477 views)

CVE-2024-41818

Technical details about CVE-2024-41818 are not provided in the connected documents. The initial entry notes a ReDoS in currency.js fixed in 4.4.1. Monitor for updates.

CVSS 7.5 | AI score 7.4 | EPSS 0.00828 | Exploits 1 | References 4 | Affected software 1
OSV (added 2024/07/29 3:56 p.m., 27 views)

CVE-2024-41818 ReDoS at currency parsing in fast-xml-parser

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS exists in currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5 | AI score 6.6 | EPSS 0.00828 | Exploits 1 | References 6
Cvelist (added 2024/07/29 3:56 p.m., 44 views)

CVE-2024-41818 ReDoS at currency parsing in fast-xml-parser

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS exists in currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5 | EPSS 0.00828 | Exploits 1 | References 4
Debian CVE (added 2024/07/29 3:56 p.m., 2 views)

CVE-2024-41818

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS exists in currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5 | AI score 6.2 | EPSS 0.00828 | Exploits 1
OSV (added 2024/07/23 2:10 p.m., 6 views)

GHSA-8H55-Q5QQ-P685 (ReDoS) Regular Expression Denial of Service in tf2-item-format

Summary: Versions of tf2-item-format since at least 4.2.6 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. Tested versions: 5.9.13, 5.8.10, 5.7.0, 5.6.17, 4.3.5, 4.2.6. v5: upgrade package to ^5.9.14. v4: no patch exists. Please consult the v...

CVSS 8.7 | AI score 7.4 | EPSS 0.00766 | Exploits 0 | References 5