DoS (Denial of Service) ansi-regex Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 9.15.2, 9.16.0, 9.17.0, 10.1.1, 10.3.13, 11.2.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of code:java...

DoS (Denial of Service) ansi-regex Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.13, and 11.2.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...

MAL-2025-46966 Malicious code in ansi-regex (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2777701ac1bf8726f2ea353b404c7d765ea3eb7bf0506207db828590ade1bf6e Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in ansi-regex (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2777701ac1bf8726f2ea353b404c7d765ea3eb7bf0506207db828590ade1bf6e Any computer that has this package installed or running should be considered fully compromised. All...

Linux Distros Unpatched Vulnerability : CVE-2021-3807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ansi-regex is vulnerable to Inefficient Regular Expression Complexity CVE-2021-3807 Note that Nessus relies on the presence of the package as reported by the...

RHEL 8 : ceph (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Moment.js: Path traversal in moment.locale CVE-2022-24785 - ansi-regex is vulnerable to Inefficient Regul...

RHEL 8 : ceph (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lapack: Out-of-bounds read in larrv CVE-2021-4048 - Beginning in v1.4.1 and prior to v1.4.9, due to an...

Security Bulletin: Vulnerabilities in Node.js, OpenSSL, trim, and Chalk ansi-regex module might affect IBM Storage Defender – Data Protect

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in runtime errors, denial of service attacks, remote code execution, remote access authentication bypass, and the ability to obtain sensitive information. The vulnerabilities have been addressed. Vulnerability Details...

Security Bulletin: Vulnerability found in Turf.js which is shipped with IBM® Intelligent Operations Center(CVE-2021-3807)

Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Security Vulnerabilities in moment, ansi-regex, Node.js, and minimatch may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-31129, CVE-2022-24785, CVE-2021-3807, CVE-2022-29244, CVE-2022-3517)

Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in moment, ansi-regex, Node.js, and minimatch. Vulnerabilities include denial of service attacks, obtaining sensitive information, and directory traversal, as described by the CVEs in th...

SUSE CVE-2021-3807

ansi-regex is vulnerable to Inefficient Regular Expression Complexity...

Rocky Linux 9 : nodejs and nodejs-nodemon (RLSA-2022:6595)

The remote Rocky Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2022:6595 advisory. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces,...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, swagger, jQuery, Netty, Apache commons, validator.js, Chalk ansi-regex, Json-schema, Java SE and IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-4453...

Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update

A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

Security Bulletin: IBM Integration Bus is vulnerable to denial of service due to ansi-regex module (CVE-2021-3807)

Summary IBM Integration Bus is vulnerable to a denial of service, due to the ansi-regex module for Node.js CVE-2021-3807. This affects the version of Node.js which is shipped with IBM Integration Bus for which a mitigation has been recommended. Vulnerability Details CVEID: CVE-2021-3807...

Nextcloud: @nextcloud/logger NPM package brings vulnerable ansi-regex version

Summary: Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the sub-patterns \;? and ?:;-a-zA-Z\d\/&.:=?%@. Details: Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate...

AlmaLinux 8 : nodejs:16 (ALSA-2021:5171)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5171 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

AlmaLinux 8 : nodejs:14 (ALSA-2022:0350)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0350 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2022:0704-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0704-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and...