Lucene search
K

231 matches found

Prion
Prion
added 2018/06/07 2:29 a.m.12 views

Input validation

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds...

5CVSS7.4AI score0.01584EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/06/07 2:29 a.m.13 views

Design/Logic Flaw

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds...

5CVSS7.5AI score0.01503EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.20 views

CVE-2017-16117

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds...

7.4AI score0.01584EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.25 views

CVE-2017-16115

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds...

7.4AI score0.01503EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/06/07 2:0 a.m.24 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.5CVSS7.4AI score0.01584EPSS
Exploits0
OSV
OSV
added 2018/06/04 7:29 p.m.5 views

CVE-2017-16030

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier...

7.5CVSS5.8AI score0.01162EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.21 views

CVE-2017-16030

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier...

7.4AI score0.01162EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2018/05/31 8:29 p.m.17 views

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS7.1AI score0.01286EPSS
Exploits0References2
OSV
OSV
added 2018/05/31 8:29 p.m.3 views

DEBIAN-CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS6.8AI score0.01286EPSS
Exploits0References1
Prion
Prion
added 2018/05/31 8:29 p.m.14 views

Design/Logic Flaw

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

5CVSS6.8AI score0.01286EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/05/31 8:29 p.m.21 views

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS7.9AI score0.01286EPSS
Exploits0References1
OSV
OSV
added 2018/05/31 8:29 p.m.10 views

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS7.4AI score
Exploits0References1
OSV
OSV
added 2018/05/31 8:29 p.m.4 views

UBUNTU-CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS7.1AI score0.01286EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/05/31 8:0 p.m.21 views

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5AI score0.01286EPSS
Exploits0References1
Veracode
Veracode
added 2017/09/27 5:34 a.m.17 views

Regular Expression Denial Of Service (ReDoS)

forwarded is vulnerable to regular expression denial of service ReDoS. A flaw when the x-forwarded-for header is parsed causes the event loop to be blocked...

7.5CVSS7.4AI score0.01947EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2017/09/27 3:18 a.m.19 views

Regular Expression Denial Of Service (ReDoS)

fresh is vulnerable to regular expression denial of service ReDoS.The vulnerability exists when matching multiple ETags in If-None-Match which causes the event loop to be blocked...

7.5CVSS7.4AI score0.01584EPSS
Exploits0References3Affected Software1
Node.js
Node.js
added 2017/09/25 7:20 p.m.54 views

Regular Expression Denial of Service

Overview Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input. The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds, About 50k characters can block the event loop for 2 seconds...

5CVSS4.8AI score0.01584EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/09/21 8:44 p.m.45 views

Regular Expression Denial of Service

Overview Affected versions of timespan are vulnerable to a regular expression denial of service when parsing dates. The amplification for this vulnerability is significant, with 50,000 characters resulting in the event loop being blocked for around 10 seconds. Recommendation No direct patch is...

5CVSS4.5AI score0.01503EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/09/21 4:12 a.m.83 views

Regular Expression Denial of Service

Overview Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation Update to version 0.3.9 or later. References ...

5CVSS5.3AI score0.01758EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2017/04/17 3:10 a.m.11 views

Regular Expression Denial Of Service (ReDoS)

useragent is vulnerable to denial of service DoS attacks. These attacks are possible through the regular expression used to parse the useragent headers. If an attacker edits their own headers to create an extremely long useragent string, it will cause an event loop which blocks the server...

7.5CVSS7.2AI score0.01162EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder