7 matches found
Mozilla: Missing Function Level Access Control in Mozilla formula containsRegular Expression Denial of Service (CVE-2023-25166)
Vulnerability description not provided...
fast2render (>=4.1.67 <=4.1.79) potentially affected by CVE-2023-25166 via @sideway/formula (=3.0.0)
@sideway/formula NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @sideway/formula and may be impacted: - fast2render =4.1.67, =4.1.79 Source cves: CVE-2023-25166 Source advisory: OSV:GHSA-C2JC-4FPR-4VHG...
CVE-2023-25166
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...
CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...
CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...
CVE-2023-25166
CVE-2023-25166 describes a Regular Expression Denial of Service in the formula parser used by the @sideway/formula module (and related formula parser) where user-supplied strings can trigger complex ReDoS behavior, leading to potential denial of service. The entry shows affected IBM Cognos Analyt...
CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...