Lucene search

3627 matches found

Github Security Blog
added 2023/01/09 2:10 p.m., 42 views

Luxon Inefficient Regular Expression Complexity vulnerability

Impact Luxon's DateTime.fromRFC2822 has quadratic N^2 complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to ReDoS attacks. This is the same bug as Moment's...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01707
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2023/01/09 10:15 a.m., 1 view

DEBIAN-CVE-2017-20165

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. T...

CVSS: 7.5 | AI score: 4.4 | EPSS: 0.02029
Exploits: 0 | References: 1

Vulnrichment
added 2023/01/09 9:33 a.m., 22 views

CVE-2017-20165 debug-js debug node.js useColors redos

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. T...

CVSS: 3.5 | AI score: 6.8 | EPSS: 0.02029
Exploits: 0 | References: 5

CVE
added 2023/01/09 9:33 a.m., 99 views

CVE-2017-20165

CVE-2017-20165 affects the debug-js package (debug up to 3.0.x). The vulnerability is in the useColors function in src/node.js, where manipulating the argument str leads to inefficient regular-expression complexity (ReDoS). A fix is available in version 3.1.0, and the patch is identified as c38a0...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.02029
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2023/01/08 6:15 p.m., 21 views

CVE-2016-15015

A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The...

CVSS: 5.3 | AI score: 5.4
Exploits: 0 | References: 5

Github Security Blog
added 2023/01/07 6:30 p.m., 30 views

terminal-kit Inefficient Regular Expression Complexity vulnerability

A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 can address this issue. The name of the patch is...

CVSS: 7.5 | AI score: 4.8 | EPSS: 0.00938
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2023/01/07 6:30 p.m., 18 views

GHSA-WXGH-8GMR-3QH3 terminal-kit Inefficient Regular Expression Complexity vulnerability

A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 can address this issue. The name of the patch is...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00938
Exploits: 0 | References: 6

NVD
added 2023/01/07 5:15 p.m., 21 views

CVE-2021-4306

A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is...

CVSS: 7.5 | AI score: 5.1 | EPSS: 0.00938
Exploits: 0 | References: 4

NVD
added 2023/01/07 1:15 p.m., 14 views

CVE-2014-125059

A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blogindex of the file main.c. The manipulation of the argument postpath leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00822
Exploits: 0 | References: 4

Prion
added 2023/01/07 1:15 p.m., 11 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blogindex of the file main.c. The manipulation of the argument postpath leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is...

CVSS: 4.6 | AI score: 7.2 | EPSS: 0.00822
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/01/07 12:42 p.m., 19 views

CVE-2014-125059 sternenseemann sternenblog main.c blog_index file inclusion

A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blogindex of the file main.c. The manipulation of the argument postpath leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is...

CVSS: 5 | AI score: 9.7 | EPSS: 0.00822
Exploits: 0 | References: 4

Prion
added 2023/01/07 10:15 a.m., 8 views

Design/Logic Flaw

A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known t...

CVSS: 1.4 | AI score: 7 | EPSS: 0.00688
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2023/01/07 9:15 a.m., 17 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVSS: 1.4 | AI score: 7 | EPSS: 0.00704
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2023/01/07 9:06 a.m., 11 views

CVE-2014-125056 Pylons horus services.py timing discrepancy

A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known t...

CVSS: 2.6 | AI score: 6.8 | EPSS: 0.00688
Exploits: 0 | References: 3

Cvelist
added 2023/01/07 8:59 a.m., 31 views

CVE-2014-125055 agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVSS: 2.6 | AI score: 5.3 | EPSS: 0.00704
Exploits: 0 | References: 4

OSV
added 2023/01/05 12:30 p.m., 14 views

GHSA-W9MR-4MFR-499F Vercel ms Inefficient Regular Expression Complexity vulnerability

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00981
Exploits: 1 | References: 8

OSV
added 2023/01/05 12:30 p.m., 15 views

GHSA-6G33-8W2Q-4HXV robots-txt-guard Inefficient Regular Expression Complexity vulnerability

A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression complexity. The exploit has been disclosed ...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00938
Exploits: 0 | References: 6

Github Security Blog
added 2023/01/05 12:30 p.m., 26 views

robots-txt-guard Inefficient Regular Expression Complexity vulnerability

A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression complexity. The exploit has been disclosed ...

CVSS: 7.5 | AI score: 1.9 | EPSS: 0.00938
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2023/01/05 12:30 p.m., 53 views

Vercel ms Inefficient Regular Expression Complexity vulnerability

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00981
Exploits: 1 | References: 8 | Affected Software: 1

OSV
added 2023/01/05 12:15 p.m., 4 views

AZL-43849 CVE-2017-20162 affecting package nodejs-nodemon 2.0.3-4

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00981
Exploits: 1 | References: 1