
13 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-0519

Malicious code in bioql PyPI...

7.5 CVSS | 5 AI score | 0.00492 EPSS
Exploits 0 | References 6

Veracode
added 2023/01/12 4:43 a.m. | 17 views

Regular Expression Denial Of Service (ReDoS)

string-kit is vulnerable to regular expression denial of service attacks. The vulnerability exists via the module.exports function in naturalSort.js, which does not properly handle user-input data due to inefficient regular expression complexity, allowing an attacker to cause an application...

7.5 CVSS | 3.6 AI score | 0.00492 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2023/01/02 9:31 a.m. | 15 views

GHSA-PFRM-4RJW-G9Q5 string-kit Inefficient Regular Expression Complexity vulnerability

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to versi...

7.5 CVSS | 7.5 AI score | 0.00492 EPSS
Exploits 0 | References 6

vulnersOsv
added 2023/01/02 9:31 a.m. | 0 views

@achannarasappa/locust-cli (>=0.1.0 <=0.3.0), @achannarasappa/locust-cli-dashboard (=0.1.0) +346 more potentially affected by CVE-2021-4299 via string-kit (>=0.0.14 <=0.11.10)

string-kit NPM version =0.0.14, =0.1.0, =1.0.0, =0.1.0, =1.0.0-M.5a, =1.0.0, =0.0.3, =0.100.1-canary.31, =1.0.0, =1.0.3, =0.2.0, =0.11.0, =0.1.5, =0.1.1, =0.1.2 and more Source cves: CVE-2021-4299 Source advisory: OSV:GHSA-PFRM-4RJW-G9Q5...

7.5 CVSS | 6.1 AI score | 0.00492 EPSS
Exploits 0

Github Security Blog
added 2023/01/02 9:31 a.m. | 21 views

string-kit Inefficient Regular Expression Complexity vulnerability

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to versi...

7.5 CVSS | 4.1 AI score | 0.00492 EPSS
Exploits 0 | References 6 | Affected Software 1

OSV
added 2023/01/02 8:15 a.m. | 8 views

CVE-2021-4299

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to versi...

7.5 CVSS | 7.6 AI score
Exploits 0 | References 4

NVD
added 2023/01/02 8:15 a.m. | 12 views

CVE-2021-4299

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to versi...

7.5 CVSS | 5.3 AI score | 0.00492 EPSS
Exploits 0 | References 4

Prion
added 2023/01/02 8:15 a.m. | 8 views

Design/Logic Flaw

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to versi...

5 CVSS | 7.6 AI score | 0.00492 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2023/01/02 7:57 a.m. | 40 views

CVE-2021-4299

The CVE-2021-4299 issue affects cronvel string-kit up to v0.12.7, specifically the naturalSort function in lib/naturalSort.js. The vulnerability stems from inefficient regular-expression complexity, enabling a remote attacker to cause performance-based impact (DoS). Upgrading to v0.12.8 mitigates...

7.5 CVSS | 5.8 AI score | 0.00492 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2023/01/02 7:57 a.m. | 9 views

CVE-2021-4299 cronvel string-kit naturalSort.js naturalSort redos

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to versi...

4.3 CVSS | 7.8 AI score | 0.00492 EPSS
Exploits 0 | References 4

Positive Technologies
added 2023/01/02 12:0 a.m. | 3 views

PT-2023-12403 · Unknown · Cronvel String-Kit

Name of the Vulnerable Software and Affected Versions: cronvel string-kit versions up to 0.12.7 Description: A problematic issue was found in the naturalSort function of the lib/naturalSort.js file, leading to inefficient regular expression complexity. The attack can be initiated remotely...

7.5 CVSS | 5 AI score | 0.00492 EPSS
Exploits 0 | References 8

CNNVD
added 2023/01/02 12:0 a.m. | 2 views

String Kit Security Vulnerability

String Kit is a string manipulation toolkit by the individual developer Cedric Ronvel. A security vulnerability exists in String Kit version 0.12.7 and earlier. An attacker exploited the vulnerability to cause low regular expression complexity...

7.5 CVSS | 5.6 AI score | 0.00492 EPSS
Exploits 0 | References 5

Huntr
added 2021/07/18 5:33 p.m. | 14 views

Inefficient Regular Expression Complexity in cronvel/string-kit

✍️ Description A ReDoS regular expression denial of service flaw was found in the string-kit package. An attacker that is able to provide crafted input to the naturalSort function may cause an application to consume an excessive amount of CPU. 🕵️‍♂️ Proof of Concept Create the following PoC file:...

1.2 AI score
Exploits 0