667 matches found
CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
@1771technologies/play-frame (>=0.0.2 <=0.0.19), @9188/doso (>=1.0.0 <=1.0.10) +2136 more potentially affected by CVE-2024-45296 +1 more via path-to-regexp (>=0.0.2 <=0.1.12)
path-to-regexp NPM version =0.0.2, =0.0.2, =1.0.0, =1.0.44, =1.16.33, =1.16.33, =25.4.0-alpha.0, =16.7.2, =1.0.1, =2.4.3, =1.11.282, =1.1.55, =0.1.4, =0.1.12-beta.3 and more Source cves: CVE-2024-45296, CVE-2026-4867 Source advisory: SNYK:JS-PATHTOREGEXP-15789761...
com.codbex.aion:codbex-aion-platform (>=0.5.6 <=0.5.7), com.codbex.aion:codbex-aion-platform-keycloack (>=0.5.6 <=0.5.7) +96 more potentially affected by CVE-2024-45296 +1 more via org.webjars.npm:path-to-regexp (>=0.1.7 <=8.2.0)
org.webjars.npm:path-to-regexp MAVEN version =0.1.7, =0.5.6, =0.5.6, =0.5.6, =0.4.0, =0.4.0, =0.5.3, =0.5.5 - com.codbex.kronos:codbex-kronos-coverage-aggregate =0.4.0 - com.codbex.kronos:codbex-kronos-modules-all =0.4.0 - com.codbex.kronos:codbex-kronos-modules-engines-all =0.4.0 -...
CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
DEBIAN-CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
UBUNTU-CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
CVE-2026-4867 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
CVE-2026-4867
CVE-2026-4867 affects the path-to-regexp library. When three or more parameters occur within a single segment (e.g., /:a-:b-:c or /:a-:b-:c-:d) a bad regular expression is generated, and the backtrack protection added in [email protected] only guards two parameters. As a result, lookaheads ca...
Path-to-RegExp 安全漏洞
Path-to-RegExp is a tool open-sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp before version 8.4.0 had a security vulnerability. This vulnerability stemmed from defects in the regular expressions generated when using multiple wildcards...
Path-to-RegExp 安全漏洞
Path-to-RegExp is a tool open sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 0.1.12 have security vulnerabilities; these vulnerabilities stem from defects in the generated regular expressions, which may lead to denial-of-servi...
Linux Distros Unpatched Vulnerability : CVE-2026-4867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period...
Path-to-RegExp 安全漏洞
Path-to-RegExp is a tool open source by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 8.4.0 have security vulnerabilities; these vulnerabilities stem from the exponential growth of the generated regular expressions, which could lead to...
Malicious code in path-to-regexp-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4f886299ed0f104de3331f447c127332d6de7b5d3bff5954553bb5c50099dfc The package path-to-regexp-updated was found to contain malicious code...
MAL-2026-1808 Malicious code in path-to-regexp-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4f886299ed0f104de3331f447c127332d6de7b5d3bff5954553bb5c50099dfc The package path-to-regexp-updated was found to contain malicious code...
MAL-2026-3125 Malicious code in transform-regexp-constructors (npm)
The package 'transform-regexp-constructors' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
GO-2026-4644 Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy
Caddy's varsregexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy...
CVE-2026-30852
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...
CVE-2026-30852
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...