9211 matches found
Regular Expression Denial of Service (ReDoS)
Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the preprocessstring function in the transformers.testingutils module. An attacker can cause high CPU usa...
Hugging Face Transformers Regular Expression Denial of Service
A Regular Expression Denial of Service ReDoS exists in the preprocessstring function of the transformers.testingutils module. In versions before 4.50.0, the regex used to process code blocks in docstrings contains nested quantifiers that can trigger catastrophic backtracking when given inputs wit...
GHSA-QQ3J-4F4F-9583 Hugging Face Transformers Regular Expression Denial of Service
A Regular Expression Denial of Service ReDoS exists in the preprocessstring function of the transformers.testingutils module. In versions before 4.50.0, the regex used to process code blocks in docstrings contains nested quantifiers that can trigger catastrophic backtracking when given inputs wit...
PYSEC-2025-40
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
PYSEC-2025-40
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-2099
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-4727
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
Security Bulletin: Vulnerability in path-to-regexp affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in path-to-regexp has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
EulerOS Virtualization 2.12.1 : python-configobj (EulerOS-SA-2025-1557)
According to the versions of the python-configobj package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate...
EulerOS Virtualization 2.12.0 : python-configobj (EulerOS-SA-2025-1573)
According to the versions of the python-configobj package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate...
CVE-2025-24026
iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service ReDoS that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...
GHSA-J3V9-6GC7-VF5F Meteor Affected By Inefficient Regular Expression Complexity
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
Meteor Affected By Inefficient Regular Expression Complexity
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
CVE-2025-4727
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
CVE-2025-4727 Meteor livedata_server.js Object.assign redos
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
CVE-2025-4727
Summary: CVE-2025-4727 affects Meteor up to 3.2.1, involving the Object.assign handling in packages/ddp-server/livedata_server.js where forwardedFor manipulation enables inefficient regex complexity (ReDoS). The issue may be remotely exploitable and requires high attack complexity. Public exploit...
Regular Expression Denial of Service (ReDoS)
...
PT-2025-21583 · Meteor · Meteor
Name of the Vulnerable Software and Affected Versions: Meteor versions up to 3.2.1 Description: A vulnerability was found in the function Object.assign of the file packages/ddp-server/livedata server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression...