34 matches found
path-to-regexp outputs backtracking regular expressions
Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...
The vulnerability of the Django web application framework, related to the inefficient complexity of regular expressions, allows attackers to trigger a service failure.
The vulnerability of the Django web application framework relates to regular expressions for text trimming, which have linear complexity in their reverse path computation, potentially leading to slow performance. Exploiting this vulnerability could allow a remote attacker to cause service...
rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to denial of service
An inefficient Regular Expression vulnerability was found in rubygem rails-html-sanitizer. Certain configurations are susceptible to excessive backtracking, leading to a denial of service through CPU resource consumption...
perl-html-stripscripts 安全漏洞
perl-html-stripscripts is a Perl library. A security vulnerability exists in perl-html-stripscripts version 1.06 and earlier. An attacker can exploit this vulnerability to perform catastrophic backtracking on HTML content with specific style attributes...
Regular Expression Denial of Service (ReDoS)
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to an expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Details Denial...
CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
DEBIAN-CVE-2020-8492
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...
PYSEC-2019-11
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
ALPINE-CVE-2018-7537
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
CVE-2018-7537
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
UBUNTU-CVE-2018-7537
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
PT-2018-1903
Name of the Vulnerable Software and Affected Versions Django versions 2.0 before 2.0.3 Django versions 1.11 before 1.11.11 Django versions 1.8 before 1.8.19 Description The issue is related to a catastrophic backtracking vulnerability in a regular expression used by the django.utils.text.Truncato...