Regular Expression Denial of Service in markdown
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input. Recommendation: No fix i...
RUSTSEC-2020-0166 personnummer Input validation error
Swedish personal identity numbers are in the form YYMMDD-XXXX. An issue arises from the regular expression allowing the first three digits of the last four digits of the personnummer to be 000, which is invalid. To mitigate this without upgrading, a check on the last four digits can be made to make sure...
CVE-2020-24941
The CVE-2020-24941 vulnerability affects Laravel framework prior to 6.18.35 and 7.x prior to 7.24.0, where the $guarded property is mishandled in certain requests with JSON column nesting expressions. The issue’s root cause is a mishandling of guarded on models when nested JSON expressions are in...
GHSA-HVXQ-J2R4-4JM8 Regular Expression Denial of Service in sql-injection
All versions of sql-injection are vulnerable to Regular Expression Denial of Service (ReDoS). The package processes a request's body with regular expressions that may take exponentially longer to execute for large inputs. Recommendation: No fix is currently available. Consider using an alternative package...
GHSA-4XF9-PGVV-XX67 Duplicate Advisory: Regular Expression Denial of Service in simple-markdown
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gpvj-gp8c-c7p2. This link is maintained to preserve external references. Original Description: Versions of simple-markdown prior to 0.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS). The...
GHSA-CH52-VGQ2-943F Regular Expression Denial of Service in marked
Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The label subrule may significantly degrade parsing performance of malformed input. Recommendation: Upgrade to version 0.7.0 or later...
PT-2020-17233 · Python · py
Name of the Vulnerable Software and Affected Versions: py versions through 1.9.0. Description: A denial of service via regular expression in the py.path.svnwc component could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame...
Node.js third-party modules: [curling] Remote Code Execution
I would like to report RCE in curling. I can bypass the security check for special characters, read / overwrite file. Module: module name: curling; version: 1.1.0; npm page: https://www.npmjs.com/package/curling. Module Description: A node wrapper for curl with a very simple api. Module Stats: 156 weekly...
EulerOS 2.0 SP5 : squid (EulerOS-SA-2020-1931)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that...
GHSA-2PQJ-H3VJ-PQGW Cross-Site Scripting in jquery
Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors wh...
XSS via Angular Expression in ag-grid
Affected versions of ag-grid are vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if used in combination with AngularJS. Recommendation: Avoid using ag-grid in combination with AngularJS until a fix is available...
GHSA-C2V2-7RCG-2CH7 Regular Expression Denial of Service in ansi2html
The ansi2html package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in. Proof of concept: var ansi2html = require('ansi2html'); var start = process.hrtime(); ansi2html("1111111111111111111111;0000000000000000000000");...
GHSA-MVMF-CVFX-QG55 Regular Expression Denial of Service in bleach
All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation: The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this issue, it is...
Design/Logic Flaw
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on th...