Lucene search
K

71 matches found

CNNVD
CNNVD
added 2023/04/18 12:0 a.m.5 views

Rack 安全漏洞

Rack is a modular Ruby web server interface. A security vulnerability exists in Rack. An attacker could exploit this vulnerability to perform a regular expression denial of service attack...

5.3CVSS6.6AI score0.01063EPSS
Exploits0References11
Snyk
Snyk
added 2023/03/26 10:18 a.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this...

5.3CVSS6.8AI score0.01695EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.4 views

SUSE CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service CPU consumption via crafted input in a parse call, aka a "regular expression denial of service ReDoS."...

7.8CVSS8.3AI score0.02358EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/02/06 7:42 p.m.4 views

nodejs-minimatch: ReDoS via the braceExpand function

A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

7.5CVSS7.1AI score0.01674EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/22 12:0 a.m.2 views

ua-parser-js 安全漏洞

ua-parser-js is a JavaScript-based parser for User-Agent strings. It can be used in a browser client-side or node.js server-side environment. Can also be used as a jQuery / Zepto plugin, Bower / Meteor package and RequireJS / AMD module . A security vulnerability exists in ua-parser-js versions...

7.5CVSS6.9AI score0.01725EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.5 views

rubygem-activesupport 安全漏洞

rubygem-activesupport is an application of rubygems open source. A security vulnerability exists in rubygem-activesupport. An attacker exploited the vulnerability to perform a regular expression denial of service attack...

7.5CVSS7.3AI score0.01712EPSS
Exploits0References8
Snyk
Snyk
added 2023/01/18 6:24 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS6.8AI score0.01503EPSS
Exploits0References2
Snyk
Snyk
added 2023/01/17 9:30 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview sisimai is a Ruby library for analyzing RFC5322 bounce emails and generating structured data from parsed results. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expressions in the function toplain of the...

7.5CVSS6.8AI score0.01336EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/01/05 12:0 a.m.7 views

CVE-2022-23548

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service ReDoS attacks. This issue is patched in versions 2.8.14 and...

6.5CVSS6.9AI score0.00735EPSS
Exploits0References2
OSV
OSV
added 2022/12/23 12:15 a.m.3 views

UBUNTU-CVE-2022-40897

Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py...

5.9CVSS6.8AI score0.02617EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/07/13 12:0 a.m.4 views

Apache Tapestry 安全漏洞

Apache Tapestry is a web application framework written in the Java language from the Apache Foundation, U.S. A denial-of-service vulnerability exists in versions of Apache Tapestry prior to 5.8.1, which stems from a vulnerability in the way content types are handled to improper regular expression...

7.5CVSS5.6AI score0.01727EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/27 10:15 a.m.4 views

CVE-2021-40896

A Regular Expression Denial of Service ReDOS vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails...

7.5CVSS7.1AI score0.00979EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.6 views

PT-2022-11326 · Unknown · Scaffold-Helper

Name of the Vulnerable Software and Affected Versions: scaffold-helper version 1.2.0 Description: A Regular Expression Denial of Service ReDOS issue was found in scaffold-helper when copying crafted invalid files. This occurs due to inefficient regular expression handling, which can lead to...

7.5CVSS7.3AI score0.00979EPSS
Exploits1References4
OSV
OSV
added 2022/06/03 12:1 a.m.2 views

GHSA-FP36-299X-PWMW Regular expression denial of service in devcert

An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

7.5CVSS6AI score0.006EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/12/20 10:15 p.m.2 views

CVE-2021-43843

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...

7.5CVSS7AI score0.01916EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/10/22 6:15 p.m.3 views

UBUNTU-CVE-2021-42836

GJSON before 1.9.3 allows a ReDoS regular expression denial of service attack...

7.5CVSS7.3AI score0.02246EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/05/04 12:0 a.m.5 views

npm path-parse 安全漏洞

npm path-parse is an application plugin from the United States npm. It provides a path-parse function. A security vulnerability exists in path-parse, which originates from a Regular Expression Denial of Service ReDoS attack via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions...

7.5CVSS7AI score0.02218EPSS
Exploits1References28
CNNVD
CNNVD
added 2021/04/28 12:0 a.m.4 views

browserslist 安全漏洞

browserslist is a software application. It is used to share the configuration of target browsers and Node.js versions between different front-end tools. A security vulnerability exists in browserslist from version 4.0.0 to 4.16.5, which stems from vulnerability to regular expression denial of...

5.3CVSS7.3AI score0.02429EPSS
Exploits1References10
OSV
OSV
added 2021/03/23 5:15 p.m.8 views

AZL-44058 CVE-2021-23362 affecting package js-jquery 3.5.0-4

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...

5.3CVSS6.7AI score0.03612EPSS
Exploits1References1
OSV
OSV
added 2021/03/19 9:22 p.m.24 views

GHSA-XFHP-GMH8-R8V2 printf vulnerable to Regular Expression Denial of Service (ReDoS)

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string regex /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

7.5CVSS5.9AI score0.02176EPSS
Exploits1References5
Rows per page
Query Builder