253 matches found
CVE-2024-7610
A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch...
CVE-2020-13349
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are =8.12, =13.4, =13.5, 13.5.2...
CVE-2024-13926
The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the expand function, which is prone to catastrophic backtracking on very long malicious inputs. PoC js import index from...
Regular Expression Denial Of Service
uptime-kuma is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regex processing due to catastrophic backtracking triggered by crafted input during notification creation via the web service...
GHSA-HX7H-9VF7-5XHG Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary There is a ReDoS vulnerability risk in the system, specifically when administrators create notification through the web servicepushdeer and whapi. If a string is provided that triggers catastrophic backtracking in the regular expression, it may lead to a ReDoS attack. Details The regular...
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary There is a ReDoS vulnerability risk in the system, specifically when administrators create notification through the web servicepushdeer and whapi. If a string is provided that triggers catastrophic backtracking in the regular expression, it may lead to a ReDoS attack. Details The regular...
USN-7365-1: NLTK vulnerabilities
It was discovered that NLTK contained a regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a denial of service. CVE-2021-3842, CVE-2021-43854...
USN-7365-1 nltk vulnerabilities
It was discovered that NLTK contained a regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a denial of service. CVE-2021-3842, CVE-2021-43854...
Ubuntu: Security Advisory (USN-7365-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-3RW8-4XRQ-3F7P Duplicate Advisory: Uptime Kuma ReDoS vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hx7h-9vf7-5xhg. This link is maintained to preserve external references. Original Description Uptime Kuma == 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through th...
CVE-2025-26042
Uptime Kuma == 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack...
CVE-2025-26042
Uptime Kuma == 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack...
CVE-2025-26042
Uptime Kuma
Linux Distros Unpatched Vulnerability : CVE-2019-14232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods...
CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...
CVE-2025-25288 @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...
GHSA-RMVR-2PP2-XJ38 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary The regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regular Expression Denial of Service attack. This vulnerability arises due to the unbounded nature of the regex's matching behavior, which can lead to catastrophic...
GHSA-H5C3-5R3R-RR8Q @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details The issue occurs at line 39 of iterator.ts...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to cause a denial of service using a complex regular expression.
Summary Regular expressions are a formal language for identifying strings of text, parsing, and matching them. Most regular expressions engines are built over a non-deterministic Finite Automaton NFA. They use backtracking and, while these regular expression engines can quickly confirm a positive...