214 matches found
PT-2025-32158
Name of the Vulnerable Software and Affected Versions Hugging Face Transformers versions up to 4.51.3 Description A Regular Expression Denial of Service ReDoS vulnerability exists in the convert tf weight name to pt weight name function of the Hugging Face Transformers library. This function, whi...
Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in Babel via Grafana (CVE-2025-27789)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2025-27789 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When...
rexml: REXML ReDoS vulnerability
A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
GHSA-37MW-44QP-F5JM Transformers is vulnerable to ReDoS attack through its DonutProcessor class
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...
CVE-2025-7074
A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack...
CVE-2025-7074
CVE-2025-7074 affects vercel hyper up to v3.4.1, specifically the expand/braceExpand/ignoreMap function in hyper/bin/rimraf-standalone.js. The issue is inefficient regular expression complexity (redos) that can be triggered remotely, and the exploit has been disclosed publicly. Multiple connected...
CVE-2025-43880
Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service DoS condition...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource consumption by...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.bower:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource consumption by...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
Regular expression Denial of Service - ReDoS
Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's MarianTokenizer. The vulnerability exists in the removelanguagecode method of the MarianTokenizer class, which processes text to remove language codes. The method...
EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1642)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials...
GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability
A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...
taro-css-to-react-native Regular Expression Denial of Service vulnerability
A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...
CVE-2022-24294
A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...
CVE-2022-39280
dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...
CVE-2020-2288
In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling...
CVE-2019-25102
A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input :/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack...
CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
CVE-2025-3986
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...