9211 matches found
CVE-2021-3649
chatwoot is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3794
vuelidate is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3777
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-32821
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...
CVE-2021-40895
A Regular Expression Denial of Service ReDOS vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements...
CVE-2020-7661
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...
CVE-2020-7165
A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-2288
In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling...
CVE-2020-26565
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data...
CVE-2020-24652
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-36661
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function isheader of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this...
CVE-2020-27511
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service ReDOS through stripping crafted HTML tags...
CVE-2020-7187
A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-26308
Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no known patches are available...
CVE-2020-26304
Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, it is unknown if any fixes are available...
CVE-2020-26305
CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no known patches are available...
CVE-2020-26309
Validate.js provides a declarative way of validating javascript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, it is unknown if any patches are available...
CVE-2020-26306
Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no known patches are...
CVE-2018-25077
A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...
CVE-2017-20165
A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. T...