32 matches found

Snyk
added 2026/05/18 8:23 p.m. · 7 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

CVSS 8.7 · AI score 5.8 · EPSS 0.00086
Exploits: 0 · References: 2

NVD
added 2026/03/26 7:17 p.m. · 1 view

CVE-2026-4923

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

CVSS 5.9 · EPSS 0.00353
Exploits: 0 · References: 1

ATTACKERKB
added 2026/03/26 4:16 p.m. · 1 view

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVSS 7.5 · AI score 5.9 · EPSS 0.00496
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2019-0035

Malware in sbrugna...

CVSS 7.5 · AI score 7.7 · EPSS 0.03531
Exploits: 0 · References: 29

Cvelist
added 2025/08/19 1:19 p.m. · 26 views

CVE-2025-4690 AngularJS 'linky' filter ReDoS

A regular expression used by AngularJS' linky filter (https://docs.angularjs.org/api/ngSanitize/filter/linky) to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service (ReDoS)...

CVSS 4.3 · EPSS 0.00196
Exploits: 0 · References: 2

CVE
added 2025/08/19 1:19 p.m. · 23 views

CVE-2025-4690

CVE-2025-4690 concerns the regular expression used by AngularJS’ ngSanitize/filter/linky to detect URLs. The underlying regex is vulnerable to super-linear runtime due to backtracking, enabling a Regular Expression Denial of Service (ReDoS) attack when fed large crafted inputs. The issue affects ...

CVSS 4.3 · AI score 6.2 · EPSS 0.00196
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/19 12:0 a.m. · 4 views

PT-2025-33727 · Google · Angularjs

Name of the Vulnerable Software and Affected Versions: AngularJS affected versions not specified Description: A regular expression used by the AngularJS linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking, potentially leading to a Regular expression...

CVSS 4.3 · AI score 6.8 · EPSS 0.00196
Exploits: 0 · References: 7

IBM Security Bulletins
added 2025/03/05 4:17 p.m. · 13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to backtracking (CVE-2024-52798)

Summary: There is a vulnerability in path-to-regexp used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-52798. DESCRIPTION: path-to-regexp turns path strings into a...

CVSS 8.7 · AI score 6.5 · EPSS 0.00777
Exploits: 0 · Affected Software: 1

OSV
added 2025/02/22 1:14 p.m. · 9 views

CLSA-2025-1740230077 Fix CVE(s): CVE-2024-6232, CVE-2024-6923

SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile header parsing - debian/patches/CVE-2024-6232.patch: Fix header parsing vulnerability that could lead to ReDoS - CVE-2024-6923...

CVSS 7.5 · AI score 6.8 · EPSS 0.02203
Exploits: 2 · References: 1

NVD
added 2024/12/05 11:15 p.m. · 24 views

CVE-2024-52798

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · EPSS 0.00777
Exploits: 0 · References: 3

OSV
added 2024/12/05 11:15 p.m. · 0 views

UBUNTU-CVE-2024-52798

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.7 · EPSS 0.00777
Exploits: 0 · References: 4

CVE
added 2024/12/05 10:45 p.m. · 4518 views

CVE-2024-52798

CVE-2024-52798 concerns the path-to-regexp library. The DoS arises when path-to-regexp outputs regex patterns that backtrack, enabling high CPU/blocked event loop in vulnerable inputs. Public sources reference the 0.1.x line as the origin and recommend upgrading specifically to 0.1.12; later advi...

CVSS 8.7 · AI score 6.3 · EPSS 0.00777
Exploits: 0 · References: 3

Vulnrichment
added 2024/12/05 10:45 p.m. · 43 views

CVE-2024-52798 path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 · AI score 6.3 · EPSS 0.00777
Exploits: 0 · References: 2

OSV
added 2024/12/05 10:40 p.m. · 2 views

GHSA-RHX6-C78J-4Q9W path-to-regexp contains a ReDoS

Impact: The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296. Patches: Upgrade to 0.1.12. Workarounds: Avoid using two parameters within a single path segment, when the separator is not . e.g. no...

CVSS 8.7 · AI score 6.8 · EPSS 0.00777
Exploits: 0 · References: 6

Positive Technologies
added 2024/12/05 12:0 a.m. · 2 views

PT-2024-35449

Name of the Vulnerable Software and Affected Versions: path-to-regexp versions 0.1.x through 0.1.11. Description: The issue concerns a performance vulnerability in path-to-regexp, where certain inputs can generate regular expressions vulnerable to backtracking, leading to poor performance. This...

CVSS 8.7 · AI score 6.6 · EPSS 0.00777
Exploits: 0 · References: 24

AstraLinux
added 2024/11/23 3:4 a.m. · 7 views

Astra Linux – Vulnerability in Python 3.11

There is a medium-severity vulnerability affecting CPython. Regular expressions that allow excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS through specifically crafted tar archives...

CVSS 7.5 · AI score 6.7 · EPSS 0.02203
Exploits: 2 · References: 3

RedHat Linux
added 2024/11/04 6:0 a.m. · 1 view

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

CVSS 7.5 · AI score 7.2 · EPSS 0.02203
Exploits: 2 · References: 7

RedHat Linux
added 2024/10/23 1:29 p.m. · 2 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

CVSS 7.5 · AI score 7.2 · EPSS 0.02203
Exploits: 2 · References: 7

Github Security Blog
added 2024/09/09 8:19 p.m. · 156 views

path-to-regexp outputs backtracking regular expressions

Impact: A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b. Patches: For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

CVSS 7.5 · AI score 7.3 · EPSS 0.00932
Exploits: 0 · References: 10 · Affected Software: 1

BDU FSTEC
added 2023/10/31 12:0 a.m. · 5 views

The vulnerability of the Django web application framework, related to the inefficient complexity of regular expressions, allows attackers to trigger a service failure.

The vulnerability of the Django web application framework relates to regular expressions for text trimming, which have linear complexity in their reverse path computation, potentially leading to slow performance. Exploiting this vulnerability could allow a remote attacker to cause service...

CVSS 5.3 · AI score 6.6 · EPSS 0.01236
Exploits: 0 · References: 10 · Affected Software: 10