111 matches found
CVE-2025-4727 Meteor livedata_server.js Object.assign redos
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
CVE-2025-3986
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...
CVE-2025-3986 Apereo CAS CasConfigurationMetadataServerController.java redos
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...
Apereo CAS Security Vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution from Apereo open source. A security vulnerability exists in Apereo CAS version 5.2.6, which stems from the file cas-5.2.6webapp-mgmtcas-management-webapp-...
Apereo CAS Security Vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution from Apereo open source. A security vulnerability exists in Apereo CAS version 5.2.6, which originates from the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata Parameter Na...
CVE-2025-2833
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2024-10550
A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...
Inefficient Regular Expression Complexity in koa
Summary: Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. PoC: Coming soon. Impact: This is a Regex Denial-of-Service attack and causes memory exhaustion. The regex should be improved and empty...
GHSA-WQ8X-CG39-8MRR org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils metho...
GHSA-J3X3-R585-4QHG Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils metho...
CVE-2024-10270
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...
CVE-2024-10270 Org.keycloak:keycloak-services: keycloak denial of service
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...
CVE-2024-10270
CVE-2024-10270 affects org.keycloak:keycloak-services. Provided connected advisories confirm an inefficient regular expression in SearchQueryUtils could cause DoS by exhausting resources. The vulnerability is described consistently across sources (Keycloak-Services DoS via untrusted input in Sear...
PT-2024-15266 · Secure Systems Engineering · Secure Systems Engineering Connaisseur
Name of the Vulnerable Software and Affected Versions: Secure Systems Engineering Connaisseur versions up to 3.3.0 Description: A vulnerability has been found in Secure Systems Engineering Connaisseur, affecting unknown code of the file connaisseur/res/targets schema.json of the component...
SUSE SLES15: bind / bind-chrootenv / bind-devel / bind-devel-32bit / bind-doc / etc (SUSE-SU-2023:2578-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2578-1 advisory. bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source...
Regular Expression Denial Of Service (ReDoS)
configobj is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex complexity via the validate function, which can lead to a Denial of Service if an attacker is able to control the input being parsed...
SUSE CVE-2020-6817
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'...