71 matches found
Rack 安全漏洞
Rack is a modular Ruby web server interface. A security vulnerability exists in Rack. An attacker could exploit this vulnerability to perform a regular expression denial of service attack...
Regular Expression Denial of Service (ReDoS)
Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this...
SUSE CVE-2015-8858
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service CPU consumption via crafted input in a parse call, aka a "regular expression denial of service ReDoS."...
nodejs-minimatch: ReDoS via the braceExpand function
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...
ua-parser-js 安全漏洞
ua-parser-js is a JavaScript-based parser for User-Agent strings. It can be used in a browser client-side or node.js server-side environment. Can also be used as a jQuery / Zepto plugin, Bower / Meteor package and RequireJS / AMD module . A security vulnerability exists in ua-parser-js versions...
rubygem-activesupport 安全漏洞
rubygem-activesupport is an application of rubygems open source. A security vulnerability exists in rubygem-activesupport. An attacker exploited the vulnerability to perform a regular expression denial of service attack...
Regular Expression Denial of Service (ReDoS)
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
Regular Expression Denial of Service (ReDoS)
Overview sisimai is a Ruby library for analyzing RFC5322 bounce emails and generating structured data from parsed results. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expressions in the function toplain of the...
CVE-2022-23548
Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service ReDoS attacks. This issue is patched in versions 2.8.14 and...
UBUNTU-CVE-2022-40897
Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py...
Apache Tapestry 安全漏洞
Apache Tapestry is a web application framework written in the Java language from the Apache Foundation, U.S. A denial-of-service vulnerability exists in versions of Apache Tapestry prior to 5.8.1, which stems from a vulnerability in the way content types are handled to improper regular expression...
CVE-2021-40896
A Regular Expression Denial of Service ReDOS vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails...
PT-2022-11326 · Unknown · Scaffold-Helper
Name of the Vulnerable Software and Affected Versions: scaffold-helper version 1.2.0 Description: A Regular Expression Denial of Service ReDOS issue was found in scaffold-helper when copying crafted invalid files. This occurs due to inefficient regular expression handling, which can lead to...
GHSA-FP36-299X-PWMW Regular expression denial of service in devcert
An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
CVE-2021-43843
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...
UBUNTU-CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS regular expression denial of service attack...
npm path-parse 安全漏洞
npm path-parse is an application plugin from the United States npm. It provides a path-parse function. A security vulnerability exists in path-parse, which originates from a Regular Expression Denial of Service ReDoS attack via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions...
browserslist 安全漏洞
browserslist is a software application. It is used to share the configuration of target browsers and Node.js versions between different front-end tools. A security vulnerability exists in browserslist from version 4.0.0 to 4.16.5, which stems from vulnerability to regular expression denial of...
AZL-44058 CVE-2021-23362 affecting package js-jquery 3.5.0-4
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
GHSA-XFHP-GMH8-R8V2 printf vulnerable to Regular Expression Denial of Service (ReDoS)
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string regex /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...