9244 matches found
CVE-2020-7733
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA...
UBUNTU-CVE-2020-7733
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA...
CVE-2020-7733 Regular Expression Denial of Service (ReDoS)
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA...
CVE-2020-7733
CVE-2020-7733 affects ua-parser-js prior to 0.7.22, where the Redmi/Mi UA regex can cause a Regular Expression Denial of Service (ReDoS). This may allow a crafted request to trigger a DoS on affected environments. Remediation: upgrade ua-parser-js to 0.7.22 or newer (as per description). If any d...
PT-2020-6059 · Github · Ua-Parser-Js
Name of the Vulnerable Software and Affected Versions: ua-parser-js versions prior to 0.7.22. Description: The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library. It may allow a remote attacker to cause a denial of service. The vulnerability is due t...
personnummer/python vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact: This vulnerability impacts...
GHSA-QV8Q-V995-72GR personnummer/csharp vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact: This vulnerability impacts...
Regular Expression Denial of Service (ReDoS)
Overview: ua-parser-js is a lightweight JavaScript-based user-agent string parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. POC by Yeting Li: var blank = " "; for let i = 1; i 5000; i++ blank...
EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2020-1967)
According to the versions of the perl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - Perl before 5.30.3 has an integer overflow related to mishandling of a 'PL_regkind[OP(n)] == NOTHING' situation. A crafted...
hibernate-validator: Improper input validation in the interpolation of constraint error messages
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place...
Regular Expression Denial Of Service (ReDoS)
pylint is vulnerable to regular expression denial of service. A regex sub-pattern ^\W+\w allows an attacker to cause a denial of service condition using the string ""+"1"5000 + "!"...
personnummer/js vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact: This vulnerability impacts...
GHSA-VPGC-7H78-GX8F personnummer/js vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact: This vulnerability impacts...
GHSA-QVJC-G5VR-MFGR Regular Expression Denial of Service in papaparse
Versions of papaparse prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDoS). The parse function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service...
Regular Expression Denial of Service in papaparse
Versions of papaparse prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDoS). The parse function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service...
GHSA-HRPP-F84W-XHFG Outdated Static Dependency in vue-moment
Versions of vue-moment prior to 4.1.0 contain an Outdated Static Dependency. The package depends on moment and has it loaded statically instead of as a dependency that can be updated. The bundled moment version contains a Regular Expression Denial of Service vulnerability. Recommendation: Upgrade t...
Outdated Static Dependency in vue-moment
Versions of vue-moment prior to 4.1.0 contain an Outdated Static Dependency. The package depends on moment and has it loaded statically instead of as a dependency that can be updated. The bundled moment version contains a Regular Expression Denial of Service vulnerability. Recommendation: Upgrade t...