Lucene search
K

7 matches found

Hacker One
Hacker One
added 2023/02/20 11:44 a.m.22 views

Mozilla: Missing Function Level Access Control in Mozilla formula containsRegular Expression Denial of Service (CVE-2023-25166)

Vulnerability description not provided...

6.5CVSS6.5AI score0.00611EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/02/08 10:38 p.m.4 views

fast2render (>=4.1.67 <=4.1.79) potentially affected by CVE-2023-25166 via @sideway/formula (=3.0.0)

@sideway/formula NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @sideway/formula and may be impacted: - fast2render =4.1.67, =4.1.79 Source cves: CVE-2023-25166 Source advisory: OSV:GHSA-C2JC-4FPR-4VHG...

6.5CVSS6.5AI score0.00611EPSS
Exploits0
NVD
NVD
added 2023/02/08 8:15 p.m.31 views

CVE-2023-25166

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...

6.5CVSS5.8AI score0.00611EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/08 7:28 p.m.23 views

CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...

5.5CVSS6.7AI score0.00611EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/08 7:28 p.m.6 views

CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...

5.5CVSS6.2AI score0.00611EPSS
Exploits0References2
CVE
CVE
added 2023/02/08 7:28 p.m.74 views

CVE-2023-25166

CVE-2023-25166 describes a Regular Expression Denial of Service in the formula parser used by the @sideway/formula module (and related formula parser) where user-supplied strings can trigger complex ReDoS behavior, leading to potential denial of service. The entry shows affected IBM Cognos Analyt...

6.5CVSS5.8AI score0.00611EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/08 7:28 p.m.26 views

CVE-2023-25166 Regular Expression Denial of Service (ReDoS) Vulnerability

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...

5.5CVSS6.8AI score0.00611EPSS
Exploits0References4
Rows per page
Query Builder