
Github Security Blog
added 2020/04/10 6:42 p.m., 136 views

Remote Code Execution (RCE) vulnerability in dropwizard-validation

Summary A server-side template injection was identified in the self-validating @SelfValidating feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you're using a self-validating bean via @SelfValidatin...

CVSS 9, AI score 1.1, EPSS 0.01256
Exploits 1, References 9, Affected Software 1
OSV
added 2020/04/10 6:42 p.m., 1 views

GHSA-8JPX-M2WH-2V34 Remote Code Execution (RCE) vulnerability in dropwizard-validation

Summary A server-side template injection was identified in the self-validating @SelfValidating feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you're using a self-validating bean via @SelfValidatin...

CVSS 8, AI score 7.3, EPSS 0.01256
Exploits 1, References 8
Veracode
added 2020/04/10 1:10 a.m., 14 views

Denial Of Service (DoS)

boost is vulnerable to denial of service. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause...

CVSS 5, AI score 5.1, EPSS 0.0337
Exploits 1, References 23, Affected Software 1
Veracode
added 2020/04/10 1:10 a.m., 17 views

Denial Of Service (DoS)

boost is vulnerable to denial of service DoS. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could...

CVSS 5, AI score 5, EPSS 0.02168
Exploits 0, References 23, Affected Software 1
Veracode
added 2020/04/10 12:59 a.m., 72 views

Remote Code Execution (RCE)

JBoss Enterprise Application Platform is vulnerable to remote code execution RCE. Due to an incomplete fix for CVE-2011-1484, JBoss Seam 2 did not block access to all malicious JBoss Expression Language EL constructs in page exception handling, allowing arbitrary Java methods to be executed. A...

CVSS 6.8, AI score 3.4, EPSS 0.01215
Exploits 0, References 13, Affected Software 50
Veracode
added 2020/04/10 12:53 a.m., 21 views

Denial Of Service (DoS)

WebKitGTK+ is vulnerable to Denial of Service DoS. It is due to some flaws allowing remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression...

CVSS 9.3, AI score 7.3, EPSS 0.05982
Exploits 0, References 20, Affected Software 1
Veracode
added 2020/04/10 12:46 a.m., 50 views

Arbitrary Code Execution

jboss-seam2 is vulnerable to arbitrary code execution. The vulnerability exists as an input sanitization flaw was found in the way JBoss Seam processed certain parametrized JBoss Expression Language EL expressions. A remote attacker could use this flaw to execute arbitrary code via a URL,...

CVSS 8.8, AI score 3.7, EPSS 0.93535
Exploits 8, References 10, Affected Software 1
Veracode
added 2020/04/10 12:26 a.m., 32 views

Denial Of Service (DoS)

ruby is vulnerable to denial of service. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash...

CVSS 5, AI score 2.4, EPSS 0.39146
Exploits 1, References 28, Affected Software 1
Veracode
added 2020/04/10 12:20 a.m., 26 views

Arbitrary Code Execution

perl is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the...

CVSS 7.5, AI score 4.5, EPSS 0.08802
Exploits 1, References 56, Affected Software 1
Veracode
added 2020/04/10 12:19 a.m., 23 views

Denial Of Service (DoS)

postgresql is vulnerable to denial of service DoS. The vulnerability exists in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory...

CVSS 6.8, AI score 3.7, EPSS 0.01194
Exploits 0, References 40, Affected Software 1
RedHat Linux
added 2020/04/08 9:46 p.m., 1 views

envoy: crafted request with long URI allows remote attacker to cause denial of service

A flaw was found in Envoy through version 1.11.1. Users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service through memory consumption. The highest thre...

CVSS 7.5, AI score 7.1, EPSS 0.00145
Exploits 1, References 4
RedhatCVE
added 2020/04/08 9:41 p.m., 23 views

CVE-2019-14232

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

CVSS 7.5, AI score 4, EPSS 0.0297
Exploits 0, References 4
GithubExploit
added 2020/04/07 1:23 p.m., 5 views

Exploit for Expression Language Injection in Sonatype Nexus

CVE-2020-10199-10204 http://1984-0day.com python3 poc.py...

CVSS 9, AI score 7.3, EPSS 0.94379
Exploits 11
RedHat Linux
added 2020/04/07 9:36 a.m., 82 views

Moderate: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...

CVSS 9.1, AI score 6.8, EPSS 0.0991
Exploits 4, References 7
Tenable Nessus
added 2020/04/07 12:0 a.m., 45 views

RHEL 7 : python (RHSA-2020:1346)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1346 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.1, AI score 6.8, EPSS 0.0991
Exploits 4, References 15
RedHat Linux
added 2020/04/06 9:2 a.m., 2 views

Django: backtracking in a regular expression in django.utils.text.Truncator leads to DoS

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

CVSS 7.5, AI score 7.2, EPSS 0.0297
Exploits 0, References 5
OSV
added 2020/04/03 9:48 p.m., 0 views

GHSA-6CHW-6FRG-F759 Regular Expression Denial of Service in Acorn

Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes...

CVSS 7.5, AI score 5.9
Exploits 0, References 4
Github Security Blog
added 2020/04/03 9:48 p.m., 454 views

Regular Expression Denial of Service in Acorn

Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes...

AI score 4.9
Exploits 0, References 5, Affected Software 1
RedhatCVE
added 2020/04/02 7:58 p.m., 38 views

CVE-2018-7158

It was found that the 'path' module from Node.js was vulnerable to a Regular Expression Denial of Service REDoS flaw. An attacker able to provide a specially crafted file path to a Node.js script could force it to hang indefinitely...

CVSS 7.5, AI score 1.8, EPSS 0.01264
Exploits 0, References 1
Tenable Nessus
added 2020/04/02 12:0 a.m., 257 views

openSUSE Security Update : ruby2.5 (openSUSE-2020-395)

This update for ruby2.5 to version 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...

CVSS 8.1, AI score 6.9, EPSS 0.18007
Exploits 8, References 14