7 matches found
Uncontrolled Resource Consumption in locutus
Overview locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function. Recommendation Upgrade to version 2.0.15 or later References - CVE - GitHub Advisory...
@random-guys/coralpay-pgp (>=0.0.1 <=0.1.0), @woocommerce/components (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2021-23392 via locutus (>=2.0.10 <=2.0.14)
locutus NPM version =2.0.10, =0.0.1, =1.0.0, =1.1.0, =1.0.2, =1.0.52, =0.1.0, =0.2.1 Source cves: CVE-2021-23392 Source advisory: OSV:GHSA-39Q4-P535-C852...
CVE-2021-23392
The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function...
CVE-2021-23392
The issue affects locutus (JavaScript/Node.js package) before version 2.0.15, where the gopher_parsedir function is vulnerable to Regular Expression Denial of Service (ReDoS). The root cause is a flaw in gopher_parsedir that can be exploited to cause high CPU/denial by crafted input. The recommen...
CVE-2021-23392 Regular Expression Denial of Service (ReDoS)
The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function...
CVE-2021-23392
The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function...
ws - Denial of Service
This module exploits a Denial of Service vulnerability in npm module "ws". By sending a specially crafted value of the Sec-WebSocket-Extensions header on the initial WebSocket upgrade request, the ws component will crash. This module requires Metasploit: https://metasploit.com/download Current...