EUVD-2021-2126

Malware in sbrugna...

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-23424 DESCRIPTION: Node.js ansi-html module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending a specially-crafted regex input, ...

Security Bulletin: Ansi-html is vulnerable to CVE-2021-23424 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite - Monitor Component uses the package ansi-html which is vulnerable to CVE-2021-23424. Vulnerability Details CVEID:CVE-2021-23424 DESCRIPTION: Node.js ansi-html module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS...

GHSA-WHGM-JR23-G3J9 Uncontrolled Resource Consumption in ansi-html

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

Uncontrolled Resource Consumption in ansi-html

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +24131 more potentially affected by CVE-2021-23424 via ansi-html (>=0.0.4 <=0.0.7)

ansi-html NPM version =0.0.4, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 -...

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

Regular Expression Denial Of Service (ReDoS)

ansi-html is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability by injecting a malicious long string of digits into the system...

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

Input validation

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

CVE-2021-23424 Regular Expression Denial of Service (ReDoS)

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

CVE-2021-23424

CVE-2021-23424 affects the Node.js package ansi-html . The provided documents describe a denial-of-service condition caused by a regular-expression Denial-of-Service (ReDoS) flaw in processing input, potentially allowing an attacker to consume resources and degrade availability. Several IBM advis...

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

PT-2021-15512 · Ansi-Html · Ansi-Html

Name of the Vulnerable Software and Affected Versions: ansi-html affected versions not specified Description: The issue arises when an attacker provides a malicious string, causing the system to get stuck processing the input for an extremely long time. Recommendations: At the moment, there is no...

ansi-html安全漏洞

ansi-html is an elegant library for NPM that converts chalk ANSI text to HTML. A security vulnerability exists in ansi-html 0.0.7 and earlier versions, if an attacker exploits this vulnerability by supplying a malicious string, the program will be stuck and unable to process input for an extended...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +24131 more potentially affected by CVE-2021-23424 via ansi-html (>=0.0.4 <=0.0.7)

ansi-html NPM version =0.0.4, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 -...

Regular Expression Denial of Service (ReDoS)

Overview ansi-html is an An elegant lib that converts the chalked ANSI text to HTML. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. PoC...