
17 matches found

Vulnrichment
added 2026/05/12 8:35 a.m. · 6 views

CVE-2026-8159 multiparty vulnerable to ReDoS via filename parsing

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

CVSS 7.5 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-11408

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00389
Exploits 0 · References 2
Snyk
added 2025/07/05 8:3 p.m. · 1 view

Regular Expression Denial of Service (ReDoS)

Overview: markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching...

CVSS 7.5 · AI score 5.5 · EPSS 0.00021
Exploits 0 · References 2
OSV
added 2025/02/18 6:48 p.m. · 3 views

CLSA-2025-1739904482 Fix CVE(s): CVE-2024-6232, CVE-2024-6923

SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile - debian/patches/CVE-2024-6232.patch: Fix header parsing vulnerability that could lead to ReDoS - CVE-2024-6923...

CVSS 7.5 · AI score 6.8 · EPSS 0.03014
Exploits 2 · References 1
Github Security Blog
added 2025/02/14 5:57 p.m. · 13 views

@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details The issue occurs at line 39 of iterator.ts...

CVSS 5.3 · AI score 6.8 · EPSS 0.00068
Exploits 0 · References 6 · Affected Software 1
Amazon
added 2024/11/15 12:0 a.m. · 2 views

Important: python3

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3 Note: This advisory is...

CVSS 7.5 · AI score 7 · EPSS 0.03014
Exploits 2
Positive Technologies
added 2024/08/31 12:0 a.m. · 1 view

PT-2024-10840 · Nescalante · Url-Regex

Name of the Vulnerable Software and Affected Versions: nescalante urlregex versions up to 0.5.0 Description: A vulnerability was found in the nescalante urlregex component, affecting some unknown processing of the file index.js of the Backtracking component. The manipulation leads to inefficient...

CVSS 7.5 · AI score 7.2 · EPSS 0.00065
Exploits 1 · References 24
OSV
added 2024/05/14 3:42 p.m. · 1 view

DEBIAN-CVE-2024-4067

The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...

CVSS 5.3 · AI score 6.3 · EPSS 0.00176
Exploits 1 · References 1
SUSE CVE
added 2023/02/15 3:27 a.m. · 1 view

SUSE CVE-2022-24836

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue...

CVSS 7.5 · AI score 8.7 · EPSS 0.01827
Exploits 0 · References 7
CNNVD
added 2022/04/11 12:0 a.m. · 1 view

Nokogiri security vulnerability

Nokogiri is an open source software library for parsing HTML and XML in Ruby. A security vulnerability exists in versions prior to Nokogiri 1.13.4 that stems from its susceptibility to excessive backtracking when attempting to detect encoding in HTML documents...

CVSS 7.5 · AI score 7.9 · EPSS 0.01827
Exploits 0 · References 21
Positive Technologies
added 2022/04/10 12:0 a.m. · 5 views

PT-2022-4890

Name of the Vulnerable Software and Affected Versions: Nokogiri versions prior to 1.13.4. Description: The issue is related to an inefficient regular expression in the Nokogiri library, which can lead to excessive backtracking when detecting encoding in HTML documents. This can be exploited by a...

CVSS 10 · AI score 7 · EPSS 0.20012
Exploits 18 · References 382
Positive Technologies
added 2022/04/04 12:0 a.m. · 1 view

PT-2022-13660 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 14.7.7; GitLab CE/EE versions 14.8.0 through 14.8.5; GitLab CE/EE versions 14.9.0 through 14.9.2. Description: A potential DoS issue was discovered in GitLab CE/EE. The API to update an asset as a link from a...

CVSS 4.3 · AI score 4.5 · EPSS 0.00166
Exploits 0 · References 10
OSV
added 2021/09/20 5:15 p.m. · 1 view

DEBIAN-CVE-2021-32839

sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability in sqlparse. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...

CVSS 7.5 · AI score 7.4 · EPSS 0.00122
Exploits 0 · References 1
OSV
added 2019/08/02 3:15 p.m. · 1 view

DEBIAN-CVE-2019-14232

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

CVSS 7.5 · AI score 6.6 · EPSS 0.0297
Exploits 0 · References 1
Prion
added 2017/01/23 9:59 p.m. · 11 views

Code injection

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."...

CVSS 7.8 · AI score 6.8 · EPSS 0.01098
Exploits 0 · References 5 · Affected Software 2
OSV
added 2014/07/06 11:55 p.m. · 0 views

UBUNTU-CVE-2014-4720

Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477...

CVSS 5 · AI score 5.8 · EPSS 0.00474
Exploits 1 · References 4
OSV
added 2007/11/07 11:46 p.m. · 1 view

DEBIAN-CVE-2007-1661

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d...

CVSS 6.4 · AI score 6.3 · EPSS 0.02034
Exploits 0 · References 1