9243 matches found
CVE-2024-12720
CVE-2024-12720 affects Hugging Face Transformers, in particular the file tokenization_nougat_fast.py within the post_process_single() function. The issue is a RegEx that can exhibit exponential backtracking, leading to high CPU usage and potential DoS under crafted input. Affected version cited: ...
CVE-2024-12720 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issu...
CVE-2024-8998 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...
CVE-2024-8998
CVE-2024-8998 affects lunary-ai/lunary, where the server uses the regex /{.?}/ to match user-controlled strings. In the default JavaScript engine, this can cause a Regular Expression Denial of Service (ReDoS) with crafted inputs, potentially hanging the server. The issue is fixed in version 1.4.2...
CVE-2024-10955 ReDoS (Regular Expression Denial of Service) in gaizhenbiao/chuanhuchatgpt
A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...
CVE-2024-10955
Vulnerability summary (CVE-2024-10955) A ReDoS flaw exists in the gaizhenbiao/chuanhuchatgpt server, caused by input parsing with the regex pattern ]+>. In Python’s regex engine, this can degenerate to polynomial time on crafted inputs, enabling an attacker to upload a malicious JSON payload t...
CVE-2024-10624
CVE-2024-10624 affects the gradio-app/gradio repository, vulnerable in the gr.Datetime component due to a vulnerable regex: ^(?:\snow\s (?:-\s*(\d+)\s*([dmhs]))?)?\s*$ that can cause polynomial-time matching in Python’s regex engine. The affected commit is 98cbcae. An attacker can trigger a DoS b...
CVE-2024-10624 Regular Expression Denial of Service (ReDoS) in gradio-app/gradio
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^(?:\snow\s (?:-\s*(\d+)\s*([dmhs]))?)?\s*$ to process user input...
CVE-2024-12391 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take...
CVE-2024-12391
The CVE-2024-12391 entry affects binary-husky/gpt_academic (commit 310122f). The vulnerability arises in the function 解析项目源码(手动指定和筛选源码文件类型) that executes user-provided regular expressions, enabling a Regular Expression Denial of Service (ReDoS). Certain regex patterns can cause the Python RE engi...
CVE-2024-8789 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative...
CVE-2024-8789
CVE-2024-8789 affects Lunary-ai/lunary (commit 105a3f6). The issue is a Regular Expression Denial of Service (ReDoS) caused by server-side execution of user-supplied regular expressions, which can have exponential runtime complexity and render the server unresponsive. Documented in multiple sourc...
CVE-2024-10550
CVE-2024-10550 affects h2oai/h2o-3 v3.46.0.1. The /3/ParseSetup endpoint applies a user-specified regex to a user-controlled string, enabling Regular Expression DoS (ReDoS) that can exhaust server resources and render the service unresponsive. Affected component: h2o-core in h2o-3; root cause is ...
CVE-2024-10550 Denial of Service by ReDOS in h2oai/h2o-3
A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...