Lucene search
+L

7 matches found

Node.js
Node.js
added 2021/06/10 5:26 p.m.67 views

Uncontrolled Resource Consumption in locutus

Overview locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function. Recommendation Upgrade to version 2.0.15 or later References - CVE - GitHub Advisory...

5CVSS5.3AI score0.01936EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2021/06/10 5:25 p.m.7 views

@random-guys/coralpay-pgp (>=0.0.1 <=0.1.0), @woocommerce/components (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2021-23392 via locutus (>=2.0.10 <=2.0.14)

locutus NPM version =2.0.10, =0.0.1, =1.0.0, =1.1.0, =1.0.2, =1.0.52, =0.1.0, =0.2.1 Source cves: CVE-2021-23392 Source advisory: OSV:GHSA-39Q4-P535-C852...

7.5CVSS7.1AI score0.01936EPSS
Exploits1
NVD
NVD
added 2021/06/08 8:15 a.m.20 views

CVE-2021-23392

The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function...

7.5CVSS0.01936EPSS
Exploits1References3
CVE
CVE
added 2021/06/08 7:45 a.m.57 views

CVE-2021-23392

The issue affects locutus (JavaScript/Node.js package) before version 2.0.15, where the gopher_parsedir function is vulnerable to Regular Expression Denial of Service (ReDoS). The root cause is a flaw in gopher_parsedir that can be exploited to cause high CPU/denial by crafted input. The recommen...

7.5CVSS6.2AI score0.01936EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/06/08 7:45 a.m.31 views

CVE-2021-23392 Regular Expression Denial of Service (ReDoS)

The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function...

5.3CVSS7.7AI score0.01936EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/06/08 7:42 a.m.3 views

CVE-2021-23392

The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service ReDoS via the gopherparsedir function...

7.5CVSS5.3AI score0.01936EPSS
Exploits1References4
Metasploit
Metasploit
added 2017/12/07 3:45 p.m.17 views

ws - Denial of Service

This module exploits a Denial of Service vulnerability in npm module "ws". By sending a specially crafted value of the Sec-WebSocket-Extensions header on the initial WebSocket upgrade request, the ws component will crash. This module requires Metasploit: https://metasploit.com/download Current...

7.2AI score
Exploits0
Rows per page
Query Builder