Lucene search
+L

33 matches found

osv
osv
added 2026/06/20 6:27 p.m.4 views

CVE-2025-71379 vllm - Regular Expression Denial of Service in Multiple Components

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS6AI score0.00321EPSS
Exploits1References4
snyk
snyk
added 2026/05/18 8:23 p.m.9 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

8.7CVSS5.8AI score0.00086EPSS
Exploits0References2
nvd
nvd
added 2026/03/26 7:17 p.m.3 views

CVE-2026-4923

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

5.9CVSS0.00353EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/26 4:16 p.m.2 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-0035

Malware in sbrugna...

7.5CVSS7.7AI score0.03502EPSS
Exploits0References29
cvelist
cvelist
added 2025/08/19 1:19 p.m.32 views

CVE-2025-4690 AngularJS 'linky' filter ReDoS

A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service ReDoS...

4.3CVSS0.00196EPSS
Exploits0References2
cve
cve
added 2025/08/19 1:19 p.m.30 views

CVE-2025-4690

CVE-2025-4690 concerns the regular expression used by AngularJS’ ngSanitize/filter/linky to detect URLs. The underlying regex is vulnerable to super-linear runtime due to backtracking, enabling a Regular Expression Denial of Service (ReDoS) attack when fed large crafted inputs. The issue affects ...

4.3CVSS6.2AI score0.00196EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/08/19 12:0 a.m.9 views

PT-2025-33727 · Google · Angularjs

Name of the Vulnerable Software and Affected Versions: AngularJS affected versions not specified Description: A regular expression used by the AngularJS linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking, potentially leading to a Regular expression...

4.3CVSS6.8AI score0.00196EPSS
Exploits0References7
ibm
ibm
added 2025/03/05 4:17 p.m.15 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to backtracking (CVE-2024-52798)

Summary There is a vulnerability in path-to-regexp used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a...

8.7CVSS6.5AI score0.00792EPSS
Exploits0Affected Software1
osv
osv
added 2025/02/22 1:14 p.m.14 views

CLSA-2025-1740230077 Fix CVE(s): CVE-2024-6232, CVE-2024-6923

SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile header parsing - debian/patches/CVE-2024-6232.patch: Fix header parsing vulnerability that could lead to ReDoS - CVE-2024-6923...

7.5CVSS6.8AI score0.02203EPSS
Exploits2References1
nvd
nvd
added 2024/12/05 11:15 p.m.27 views

CVE-2024-52798

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

8.7CVSS0.00792EPSS
Exploits0References3
osv
osv
added 2024/12/05 11:15 p.m.7 views

UBUNTU-CVE-2024-52798

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

8.7CVSS6.7AI score0.00792EPSS
Exploits0References4
cve
cve
added 2024/12/05 10:45 p.m.4530 views

CVE-2024-52798

CVE-2024-52798 concerns the path-to-regexp library. The DoS arises when path-to-regexp outputs regex patterns that backtrack, enabling high CPU/blocked event loop in vulnerable inputs. Public sources reference the 0.1.x line as the origin and recommend upgrading specifically to 0.1.12; later advi...

8.7CVSS6.3AI score0.00792EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/12/05 10:45 p.m.44 views

CVE-2024-52798 path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

8.7CVSS6.3AI score0.00792EPSS
Exploits0References2
osv
osv
added 2024/12/05 10:40 p.m.4 views

GHSA-RHX6-C78J-4Q9W path-to-regexp contains a ReDoS

Impact The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296 Patches Upgrade to 0.1.12. Workarounds Avoid using two parameters within a single path segment, when the separator is not . e.g. no...

8.7CVSS6.8AI score0.00792EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/12/05 12:0 a.m.3 views

PT-2024-35449

Name of the Vulnerable Software and Affected Versions path-to-regexp versions 0.1.x through 0.1.11 Description The issue concerns a performance vulnerability in path-to-regexp, where certain inputs can generate regular expressions vulnerable to backtracking, leading to poor performance. This...

8.7CVSS6.6AI score0.00792EPSS
Exploits0References24
astralinux
astralinux
added 2024/11/23 3:4 a.m.7 views

Astra Linux – Vulnerability in Python 3.11

There is a medium-severity vulnerability affecting CPython. Regular expressions that allow excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS through specifically crafted tar archives...

7.5CVSS6.7AI score0.02203EPSS
Exploits2References3
redhat
redhat
added 2024/11/04 6:0 a.m.4 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5CVSS7.2AI score0.02203EPSS
Exploits2References7
redhat
redhat
added 2024/10/23 1:29 p.m.6 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5CVSS7.2AI score0.02203EPSS
Exploits2References7
github
github
added 2024/09/09 8:19 p.m.158 views

path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

7.5CVSS7.3AI score0.00932EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder