3626 matches found
Cisco IOS XE Software Denial of Service Vulnerability (CNVD-2021-80661)
Cisco IOS XE Software is an operating system from the U.S. company Cisco. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software suffers from a denial-of-service vulnerability...
Trane Symbio (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Trane Equipment: Symbio 700 and Symbio 800 controllers Vulnerability: Code Injection 2. UPDATE INFORMATION The updated advisory is a follow-up to the original advisory titled ICSA-21-266-01 Trane Symbio that was published...
Inefficient Regular Expression Complexity in tapjs/tap-mocha-reporter
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in tap-mocha-reporter. The ReDoS vulnerability is mainly due to the regex /^\s+|\s+$|/g and can be exploited with the following code. Proof of Concept // PoC.js var tapMochaReporter =...
Inefficient Regular Expression Complexity in validatorjs/validator.js
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator. It allows causing a denial of service when calling function 'rtrim'. The ReDoS vulnerability is mainly due to the regex /\s+$/g and can be exploited with the following code. Proof of Concept ...
GHSA-RP65-9CF3-CJXR Inefficient Regular Expression Complexity in nth-check
There is a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check that causes a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified overlapping adjacency and can be...
Inefficient Regular Expression Complexity in vuelidate
vuelidate is a simple, lightweight model-based validation for Vue.js 2.x & 3.0. A ReDoS (regular expression denial of service) flaw was found in the @vuelidate/validators package. An attacker that is able to provide crafted input to the urlinput function may cause an application to consume an...
Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service when parsing invalid ANSI escape codes. Proof of Concept js import ansiRegex from 'ansi-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = "\u001B"+";".repeati10000...
GHSA-49X3-8228-3W3M Inefficient Regular Expression Complexity in code-server
code-server is vulnerable to Inefficient Regular Expression Complexity...
Inefficient Regular Expression Complexity in code-server
code-server is vulnerable to Inefficient Regular Expression Complexity...
Inefficient Regular Expression Complexity in taro
taro is vulnerable to Inefficient Regular Expression Complexity...
Inefficient Regular Expression Complexity in alvations/sacremoses
✍️ Description The sacremoses package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted text as input to the hasnumericonly function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...
Inefficient Regular Expression Complexity in mochajs/mocha
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in mocha. It allows causing a denial of service when stripping crafted invalid function definition from strs. The ReDoS vulnerability is mainly due to the regex...
CVE-2021-3801
Insufficient Regular Expression Complexity in prismjs leads to a Regular Expression Denial of Service (ReDoS) attack. An unauthenticated attacker can exploit this flaw to cause an application to consume an excess amount of CPU by providing a crafted HTML comment as input. This can result in a denia...
Inefficient Regular Expression Complexity in validatorjs/validator.js
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator. It allows causing a denial of service when validating crafted invalid MagnetURIs. The ReDoS vulnerability is mainly due to the sub-pattern .+&tr=.+ with quantified overlapping adjacency and c...
CVE-2021-3804
taro is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3810
code-server is vulnerable to Inefficient Regular Expression Complexity...
DEBIAN-CVE-2021-3803
nth-check is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3803
nth-check is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3810
code-server is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3807
ansi-regex is vulnerable to Inefficient Regular Expression Complexity...