Lucene search
+L

34 matches found

Github Security Blog
Github Security Blog
added 2024/09/09 8:19 p.m.159 views

path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

7.5CVSS7.3AI score0.00932EPSS
Exploits0References10Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/31 12:0 a.m.6 views

The vulnerability of the Django web application framework, related to the inefficient complexity of regular expressions, allows attackers to trigger a service failure.

The vulnerability of the Django web application framework relates to regular expressions for text trimming, which have linear complexity in their reverse path computation, potentially leading to slow performance. Exploiting this vulnerability could allow a remote attacker to cause service...

5.3CVSS6.6AI score0.01225EPSS
Exploits0References10Affected Software10
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.4 views

rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to denial of service

An inefficient Regular Expression vulnerability was found in rubygem rails-html-sanitizer. Certain configurations are susceptible to excessive backtracking, leading to a denial of service through CPU resource consumption...

7.5CVSS6.6AI score0.01454EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/21 12:0 a.m.6 views

perl-html-stripscripts 安全漏洞

perl-html-stripscripts is a Perl library. A security vulnerability exists in perl-html-stripscripts version 1.06 and earlier. An attacker can exploit this vulnerability to perform catastrophic backtracking on HTML content with specific style attributes...

7.5CVSS7.3AI score0.01116EPSS
Exploits1References9
Snyk
Snyk
added 2022/04/12 11:35 a.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to an expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Details Denial...

7.5CVSS6.7AI score0.03549EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/04/08 9:41 p.m.25 views

CVE-2019-14232

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

7.5CVSS4AI score0.03502EPSS
Exploits0References4
OSV
OSV
added 2020/01/30 7:15 p.m.2 views

DEBIAN-CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

6.5CVSS7.1AI score0.06681EPSS
Exploits1References1
PyPA
PyPA
added 2019/08/02 3:15 p.m.9 views

PYSEC-2019-11

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

7.5CVSS7AI score0.03502EPSS
Exploits0References11Affected Software1
UbuntuCve
UbuntuCve
added 2019/08/01 10:0 a.m.28 views

CVE-2019-14232

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

7.5CVSS6.8AI score0.03502EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.6 views

django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

5.3CVSS7.2AI score0.04457EPSS
Exploits0References5
OSV
OSV
added 2018/03/09 8:29 p.m.1 views

ALPINE-CVE-2018-7537

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

5.3CVSS7AI score0.04457EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2018/03/09 8:0 p.m.112 views

CVE-2018-7537

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

5.3CVSS5.6AI score0.04457EPSS
Exploits0
OSV
OSV
added 2018/03/06 2:0 p.m.2 views

UBUNTU-CVE-2018-7537

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

5.3CVSS6.8AI score0.04457EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/03/06 12:0 a.m.7 views

PT-2018-1903

Name of the Vulnerable Software and Affected Versions Django versions 2.0 before 2.0.3 Django versions 1.11 before 1.11.11 Django versions 1.8 before 1.8.19 Description The issue is related to a catastrophic backtracking vulnerability in a regular expression used by the django.utils.text.Truncato...

5.3CVSS6.6AI score0.04457EPSS
Exploits0References164
Rows per page
Query Builder