Regular Expression Denial Of Service (ReDoS)

cvesearch is vulnerable to regular expression denial of service. The vulnerability exists due to lack of sanitization of user inputs in cvesForCPE function of DatabaseLayer.py which allows a malicious user to cause a ReDoS...

PT-2021-24242 · Unknown · Cve-Search

Name of the Vulnerable Software and Affected Versions: cve-search versions prior to 4.1.0 Description: The issue in cve-search allows regular expression injection, which can lead to ReDoS regular expression denial of service or other impacts. This occurs in the lib/DatabaseLayer.py file...