
Snyk
added 2025/07/23 10:41 p.m. · 1 view

Regular Expression Denial of Service (ReDoS)

Overview: fastapi-guard is a security library for FastAPI to control IPs and more. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SusPatternsManager class in the suspatternshandler.py file. An attacker can cause excessive resource consumption...

CVSS 8.8 · AI score 6.8 · EPSS 0.00472
Exploits: 2 · References: 2
IBM Security Bulletins
added 2025/07/23 4:09 p.m. · 7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression DoS and command injection due to the python package (CVE-2024-6232, CVE-2024-9287)

Summary: Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details: CVEID: CVE-2024-6232. DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...

CVSS 7.8 · AI score 7 · EPSS 0.03014
Exploits: 2 · Affected Software: 1
OSV
added 2025/07/23 2:15 p.m. · 1 view

DEBIAN-CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

CVSS 6.3 · AI score 7.5 · EPSS 0.00924
Exploits: 0 · References: 1
FreeBSD
added 2025/07/23 12:00 a.m. · 28 views

Apache httpd -- evaluation always true

The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64...

CVSS 6.3 · AI score 6.6 · EPSS 0.00924
Exploits: 0 · References: 1
Veracode
added 2025/07/22 5:33 a.m. · 2 views

Regular Expression Denial Of Service (ReDoS)

@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression handling in the parseJSONLikeConfig API's input parsing, which allows an attacker to trigger excessive backtracking...

AI score 6.9
Exploits: 0
Snyk
added 2025/07/21 3:26 a.m. · 1 view

Regular Expression Denial of Service (ReDoS)

Overview: pymdown-extensions is an extension pack for Python Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the figure caption extension, pymdownx.blocks.caption. A user could exploit this vulnerability by crafting a malicious input tha...

CVSS 6.9 · AI score 6.8 · EPSS 0.00084
Exploits: 1 · References: 2
Tenable Nessus
added 2025/07/20 12:00 a.m. · 11 views

Debian dla-4242 : libjs-angularjs - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4242 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4242-1 [email protected]...

CVSS 7.5 · AI score 6.5 · EPSS 0.02307
Exploits: 8 · References: 20
Debian
added 2025/07/19 10:30 p.m. · 7 views

[SECURITY] [DLA 4242-1] angular.js security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4242-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès July 20, 2025 https://wiki.debian.org/LTS -...

CVSS 7.5 · AI score 6.5 · EPSS 0.02307
Exploits: 8
OSV
added 2025/07/18 8:39 p.m. · 1 view

GHSA-XFFM-G5W8-QVG7 @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

Summary: The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service (ReDoS) attack in its only argument. Details: The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...

CVSS 2.3 · AI score 7
Exploits: 0 · References: 3
Github Security Blog
added 2025/07/18 8:39 p.m. · 31 views

@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

Summary: The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service (ReDoS) attack in its only argument. Details: The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...

AI score 7
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2025/07/18 12:00 a.m. · 2 views

PT-2025-31160 · Npm · @Eslint/Plugin-Kit

Summary: The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service (ReDoS) attack in its only argument. Details: The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...

CVSS 2.3 · AI score 7.1
Exploits: 0 · References: 4
NVD
added 2025/07/17 8:15 p.m. · 5 views

CVE-2024-41148

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...

CVSS 7.8 · EPSS 0.00076
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/17 12:00 a.m. · 4 views

PT-2025-29953 · Unknown +1 · Robot Operating System +1

Name of the Vulnerable Software and Affected Versions: Robot Operating System (ROS) versions prior to Noetic Ninjemys. Description: A code injection issue exists in the rostopic command-line tool within the Robot Operating System (ROS). The vulnerability is located in the echo verb, which utilizes the...

CVSS 7.8 · AI score 7.1 · EPSS 0.00076
Exploits: 0 · References: 13
RedhatCVE
added 2025/07/16 6:24 a.m. · 8 views

CVE-2025-7579

A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...

CVSS 5.3 · AI score 4.6 · EPSS 0.00253
Exploits: 0 · References: 1
RedHat Linux
added 2025/07/15 12:35 a.m. · 1 view

rexml: REXML ReDoS vulnerability

A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

CVSS 8.7 · AI score 7.3 · EPSS 0.01645
Exploits: 0 · References: 7
IBM Security Bulletins
added 2025/07/14 4:49 p.m. · 3 views

Security Bulletin: Using untrusted strings with .replace on Babel-compiled regex named capturing groups can lead to performance degradation, which affects IBM watsonx.data

Summary: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific...

CVSS 6.2 · AI score 7 · EPSS 0.0006
Exploits: 0 · Affected Software: 1
RedHat Linux
added 2025/07/14 4:21 p.m. · 1 view

hibernate-validator: Hibernate Validator Expression Language Injection

A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...

CVSS 7.3 · AI score 7.6 · EPSS 0.01693
Exploits: 10 · References: 17
RedHat Linux
added 2025/07/14 3:56 p.m. · 5 views

hibernate-validator: Hibernate Validator Expression Language Injection

A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...

CVSS 7.3 · AI score 7.6 · EPSS 0.01693
Exploits: 10 · References: 17
RedHat Linux
added 2025/07/14 3:56 p.m. · 4 views

hibernate-validator: Hibernate Validator Expression Language Injection

A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...

CVSS 7.3 · AI score 7.6 · EPSS 0.01693
Exploits: 10 · References: 17
RedHat Linux
added 2025/07/14 3:55 p.m. · 2 views

hibernate-validator: Hibernate Validator Expression Language Injection

A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...

CVSS 7.3 · AI score 7.6 · EPSS 0.01693
Exploits: 10 · References: 17