667 matches found
com.codbex.aion:codbex-aion-platform (>=0.5.6 <=0.5.7), com.codbex.aion:codbex-aion-platform-keycloack (>=0.5.6 <=0.5.7) +96 more potentially affected by CVE-2024-45296 +1 more via org.webjars.npm:path-to-regexp (>=0.1.7 <=8.2.0)
org.webjars.npm:path-to-regexp MAVEN version =0.1.7, =0.5.6, =0.5.6, =0.5.6, =0.4.0, =0.4.0, =0.5.3, =0.5.5 - com.codbex.kronos:codbex-kronos-coverage-aggregate =0.4.0 - com.codbex.kronos:codbex-kronos-modules-all =0.4.0 - com.codbex.kronos:codbex-kronos-modules-engines-all =0.4.0 -...
@1771technologies/play-frame (>=0.0.2 <=0.0.19), @9188/doso (>=1.0.0 <=1.0.10) +2136 more potentially affected by CVE-2024-45296 +1 more via path-to-regexp (>=0.0.2 <=0.1.12)
path-to-regexp NPM version =0.0.2, =0.0.2, =1.0.0, =1.0.44, =1.16.33, =1.16.33, =25.4.0-alpha.0, =16.7.2, =1.0.1, =2.4.3, =1.11.282, =1.1.55, =0.1.4, =0.1.12-beta.3 and more Source cves: CVE-2024-45296, CVE-2026-4867 Source advisory: SNYK:JS-PATHTOREGEXP-15789761...
CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
DEBIAN-CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
UBUNTU-CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
CVE-2026-4867 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
CVE-2026-4867
CVE-2026-4867 affects the path-to-regexp library. When three or more parameters occur within a single segment (e.g., /:a-:b-:c or /:a-:b-:c-:d) a bad regular expression is generated, and the backtrack protection added in [email protected] only guards two parameters. As a result, lookaheads ca...
CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
Path-to-RegExp security vulnerability
Path-to-RegExp is a tool open sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 0.1.12 have security vulnerabilities; these vulnerabilities stem from defects in the generated regular expressions, which may lead to denial-of-servi...
Path-to-RegExp security vulnerability
Path-to-RegExp is a tool open-sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp before version 8.4.0 had a security vulnerability. This vulnerability stemmed from defects in the regular expressions generated when using multiple wildcards...
Linux Distros Unpatched Vulnerability : CVE-2026-4867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period...
Path-to-RegExp security vulnerability
Path-to-RegExp is a tool open-sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 8.4.0 have security vulnerabilities; these vulnerabilities stem from the exponential growth of the generated regular expressions, which could lead to...
Malicious code in path-to-regexp-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4f886299ed0f104de3331f447c127332d6de7b5d3bff5954553bb5c50099dfc The package path-to-regexp-updated was found to contain malicious code...
MAL-2026-1808 Malicious code in path-to-regexp-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4f886299ed0f104de3331f447c127332d6de7b5d3bff5954553bb5c50099dfc The package path-to-regexp-updated was found to contain malicious code...
MAL-2026-3125 Malicious code in transform-regexp-constructors (npm)
The package 'transform-regexp-constructors' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
GO-2026-4644 Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy
Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy...
CVE-2026-30852
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...
CVE-2026-30852
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...
CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...