5078 matches found
Regular Expression Denial of Service
Overview fast-csv and @fast-csv/parse before version 4.3.6 have a possible ReDoS (Regular Expression Denial of Service) vulnerability when using the ignoreEmpty option when parsing. Impact You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is...
CVE-2020-26256
CVE-2020-26256 affects the fast-csv family (fast-csv and @fast-csv/parse) prior to version 4.3.6. The vulnerability is a Regular Expression Denial of Service (ReDoS) caused by the EMPTY_ROW_REGEXP when parsing with the ignoreEmpty option. A remote attacker could trigger a denial of service; docum...
CVE-2020-26256 Denial of service in fast-csv
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-csv before version 4.3.6 there is a possible ReDoS (Regular Expression Denial of Service) vulnerability when using the ignoreEmpty option when parsing. This has been patched in v4.3.6. You will...
6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.0.4) +648 more potentially affected by CVE-2020-26256 via fast-csv (>=0.0.0 <=4.3.5)
fast-csv NPM version =0.0.0, =0.0.1, =0.0.1, =0.0.42, =3.8.0, =0.0.23, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.0, =0.0.3, =0.1.10 and more Source cves: CVE-2020-26256 Source advisory: OSV:GHSA-8CV5-P934-3HWP...
@here/cli (>=1.5.0 <=1.6.1), @node-amazon/mws (>=0.0.2 <=0.0.3) +10 more potentially affected by CVE-2020-26256 via @fast-csv/parse (>=4.1.4 <=4.3.3)
@fast-csv/parse NPM version =4.1.4, =1.5.0, =0.0.2, =2.1.0, =1.0.0, =1.2.127, =1.2.135, =1.2.111, =6.42.0, =4.1.4, =0.0.1, =0.0.6 Source cves: CVE-2020-26256 Source advisory: OSV:GHSA-8CV5-P934-3HWP...
GHSA-8CV5-P934-3HWP Denial of service in fast-csv
Impact Possible ReDoS (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. Patches This has been patched in v4.3.6. Workarounds You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is recommended that you upgrade to t...
Security Bulletin: Multiple security vulnerabilities with Administration Console for Content Platform Engine component in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4447, CVE-2020-4759
Summary The embedded Content Platform Engine component, which includes the Administration Console for Content Platform Engine (ACCE), that is shipped with IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to a cross-site scripting vulnerability and a CSV Injection...
ChurchCRM 4.2.0 CSV Injection
Exploit Title: ChurchCRM 4.2.1 - CSV/Formula Injection Date: 2020-10-24 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM Version: 4.2.0 Payload: =10+20+cmd|' /C calc'!A0 Tested on: Kali Linux 2020.3 Proof Of Concept: CSV...
ChurchCRM 4.2.0 - CSV/Formula Injection
Exploit Title: ChurchCRM 4.2.1 - CSV/Formula Injection Date: 2020-10-24 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM Version: 4.2.0 Payload: =10+20+cmd|' /C calc'!A0 Tested on: Kali Linux 2020.3 Proof Of Concept: CSV...
OnionSearch - A Script That Scrapes Urls On Different .Onion Search Engines
OnionSearch is a Python3 script that scrapes URLs on different ".onion" search engines. Prerequisite: Python 3. Currently supported search engines: ahmia darksearchio onionland notevil darksearchenginer phobos onionsearchserver torgle onionsearchengine tordex tor66 tormax haystack multivac evosear...
Tendenci 12.3.1 - CSV/ Formula Injection
Exploit Title: Tendenci 12.3.1 - CSV/Formula Injection Date: 2020-10-29 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.tendenci.com/ Software Link: https://github.com/tendenci/tendenci Version: 12.3.1 Payload: =10+20+cmd|' /C calc'!A0 Tested on: Kali Linux 2020.3 Proof Of...
CVE-2020-4627
IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 185367...
Input validation
IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 185367...
CVE-2020-4627
CVE-2020-4627 affects IBM Cloud Pak for Security (CP4S) version 1.3.0.1, where a vulnerability in the handling/validation of CSV file contents could allow a remote attacker to execute arbitrary commands. The root cause is improper validation of CSV data leading to CSV Injection. The IBM security ...
Fedora: Security Advisory for rpki-client (FEDORA-2020-ce591c8f46)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 31 Update: rpki-client-6.8p1-1.fc31
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
[SECURITY] Fedora 32 Update: rpki-client-6.8p1-1.fc32
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
[SECURITY] Fedora 33 Update: rpki-client-6.8p1-1.fc33
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...