8493 matches found
Astra Linux – Vulnerability in pillow
A issue was discovered in Pillow before version 8.1.1. The PDF parser allows a regular expression DoS ReDoS attack through a crafted PDF file due to a catastrophic backtracking in the regex...
Astra Linux – Vulnerability in configobj
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This vulnerability can only be exploited by developers who place the offending values in server-side configuration files...
Astra Linux – Vulnerability in Python-Django
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are vulnerable to a ReDoS regular expression denial of service attack due to a very large number of domain name labels for emails and URLs...
RHEL 10 : libssh (RHSA-2026:18160)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18160 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...
GHSA-3653-68V6-RQ57 HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...
Regular Expression Denial of Service (ReDoS)
Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption and block the...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption...
multiparty vulnerable to ReDoS via filename parsing
Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...
GHSA-65X3-RW7Q-GX94 multiparty vulnerable to ReDoS via filename parsing
Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...