111 matches found
SUSE CVE-2022-2596
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10...
Information disclosure
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function isheader of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this...
CVE-2020-36661
CVE-2020-36661 affects Kong lua-multipart 0.5.8-1. The vulnerability resides in the is_header function in src/multipart.lua, causing inefficient regular expression complexity (redos). The issue has a stated fix: upgrade to version 0.5.9-1, with the patch identified as d632e5df43a2928fd537784a99a7...
simple-markdown 安全漏洞
Khan Academy simple-markdown is a Markdown parser. A security vulnerability exists in simple-markdown version 0.6.0. An attacker has exploited the vulnerability to reduce regular expression complexity...
lua-multipart 安全漏洞
lua-multipart is a Lua library for parsing and editing multipart/form-data data. A security vulnerability exists in Kong lua-multipart version 0.5.8-1. An attacker has exploited the vulnerability to reduce regular expression complexity...
PT-2023-11360 · Unknown · Simple-Markdown
Name of the Vulnerable Software and Affected Versions: simple-markdown version 0.6.0 Description: A problematic vulnerability was found in the simple-markdown software, affecting an unknown function of the file simple-markdown.js. The issue arises from inefficient regular expression complexity wh...
PT-2023-33000 · Unknown · Http-Cache-Semantics +1
Name of the Vulnerable Software and Affected Versions: http-cache-semantics versions prior to 4.1.1 cacheable-request versions prior to 10.2.7 Description: The issue is related to an Inefficient Regular Expression Complexity in http-cache-semantics, which can lead to Denial of Service. This can b...
mholt PapaParse 安全漏洞
mholt PapaParse is a CSV delimited text parser for individual developers. A security vulnerability exists in mholt PapaParse version 5.1.x and earlier versions. An attacker exploited the vulnerability to cause inefficient regular expression complexity...
PT-2023-10815 · Unknown · Prestaul Skeemas
Name of the Vulnerable Software and Affected Versions: Prestaul skeemas affected versions not specified Description: A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the...
DEBIAN-CVE-2017-20165
A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. T...
AZL-43849 CVE-2017-20162 affecting package nodejs-nodemon 2.0.3-4
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
UBUNTU-CVE-2017-20162
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
PT-2023-12409 · Unknown · Woorank Robots-Txt-Guard
Name of the Vulnerable Software and Affected Versions: Woorank robots-txt-guard affected versions not specified Description: A vulnerability was found in the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression...
CVE-2021-4299
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to versi...
CVE-2015-10005
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of t...
Design/Logic Flaw
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of t...
Markdown-It 安全漏洞
Markdown-It is a Markdown parser. A security vulnerability exists in versions of Markdown-It before 2.x. An attacker exploited the vulnerability to cause an increase in the complexity of regular expressions...
USN-5610-1 rust-regex vulnerability
Addison Crump discovered that rust-regex did not properly limit the complexity of the regular expressions regex it parses. An attacker could possibly use this issue to cause a denial of service...
Inefficient Regular Expression Complexity potentially leads to Denial of Service in
Description Inefficient regular expression complexity of lowercase and uppercase regex could lead to a denial of service attack. With a formed payload 'a' + 'a'.repeati + 'A', only 32 characters payload could take 29443 ms time execution when testing lowercase. The same issue happens with...
DEBIAN-CVE-2021-3842
nltk is vulnerable to Inefficient Regular Expression Complexity...