Regular Expression Denial of Service (ReDoS)
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the remove_html_tags function in utils.py, which can be exploited by a user to cause the application to...
Regular expression Denial of Service - ReDoS
Description: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the Transformers library, specifically in the file tokenization_gpt_neox_japanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
Regular Expression Denial Of Service (ReDoS)
Parse-uri is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing, which allows attackers to exploit crafted URLs and cause a denial of service...
OESA-2025-1053 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...
BIT-PYTHON-MIN-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sen...
parse-uri Regular expression Denial of Service (ReDoS)
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service ReDoS via a crafted URL. PoC js async function exploit const parseuri = require"parse-uri"; // This input is designed to cause excessive backtracking in the regex const craftedInput = 'http://example.com...
GHSA-6FX8-H7JM-663J parse-uri Regular expression Denial of Service (ReDoS)
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service ReDoS via a crafted URL. PoC js async function exploit const parseuri = require"parse-uri"; // This input is designed to cause excessive backtracking in the regex const craftedInput = 'http://example.com...
CVE-2024-36751
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service ReDoS via a crafted URL...
parse-uri security vulnerability
parse-uri is a lightweight module for parsing URIs from the individual developers at Kiko Beats. A security vulnerability exists in parse-uri v1.0.9. An attacker can exploit this vulnerability to trigger a regular expression denial of service via a crafted URL...
CVE-2024-36751
CVE-2024-36751 affects parse-uri v1.0.9. The issue is a Regular Expression Denial of Service (ReDoS) triggered by crafted URLs due to inefficient regex processing. Reported exploits and PoC exist (GHSA advisory). Impact is Denial of Service with availability risk; CVSSv3.1 base score 6.5. No fix ...
PT-2025-3854 · Splunk · Splunk Supporting Add-On For Active Directory
Name of the Vulnerable Software and Affected Versions: Splunk Supporting Add-on for Active Directory versions 3.1.0 and earlier. Description: A vulnerable regular expression pattern in the Splunk Supporting Add-on for Active Directory could lead to a Regular Expression Denial of Service (ReDoS)...
PT-2025-2456 · Parse-Uri · Parse-Uri
Name of the Vulnerable Software and Affected Versions: parse-uri version 1.0.9. Description: The issue allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL. This can be achieved by manipulating the URL in a way that triggers a denial of service. Recommendations:...
MonetDB security vulnerability
MonetDB is an open source column-oriented relational database management system from MonetDB Open Source. A security vulnerability exists in MonetDB version v11.47.11 that stems from an issue contained in the bindcolexp component. An attacker exploiting this vulnerability could cause a denial of...
A vulnerability in the logback-core module of the QOS monitoring system allows an attacker to execute arbitrary code.
The vulnerability in the logback-core module of the QOS monitoring system stems from a failure to neutralize special elements used in the expression language operator. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by using the...
Medium: nodejs20
Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-795)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-795 advisory. Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the...
Medium: nodejs
Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...