Lucene search
9211 matches found

OSV
added 2019/09/18 12:15 p.m. | 14 views

CVE-2019-16215

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...

CVSS 6.5 | AI score 6.8
Exploits 0 | References 2

Prion
added 2019/09/18 12:15 p.m. | 16 views

Code injection

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...

CVSS 4 | AI score 6.4 | EPSS 0.00488
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2019/09/18 11:7 a.m. | 16 views

CVE-2019-16215

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...

AI score 6.4 | EPSS 0.00488
Exploits 0 | References 2

Node.js
added 2019/09/17 6:16 p.m. | 20 views

Regular Expression Denial of Service

Overview: Versions of csv-parse prior to 4.4.6 are vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large specially-crafted input very slowly, leading to a Denial of Service. This is triggered when using the cast option...

CVSS 5 | AI score 4.9 | EPSS 0.00577
Exploits 0 | Affected Software 1

Node.js
added 2019/09/11 4:51 p.m. | 12 views

Regular Expression Denial of Service

Overview: All versions of sql-injection are vulnerable to Regular Expression Denial of Service. The package processes a request's body with regular expressions that may take exponentially longer to execute for large inputs. Recommendation: No fix is currently available. Consider using an alternativ...

AI score 7.2
Exploits 0 | Affected Software 1

OSV
added 2019/09/11 4:15 a.m. | 12 views

CVE-2019-16214

Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence which introduces a...

CVSS 5.7 | AI score 7
Exploits 0 | References 3

Prion
added 2019/09/11 4:15 a.m. | 15 views

Code injection

Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence which introduces a...

CVSS 3.5 | AI score 5.7 | EPSS 0.00249
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2019/09/11 3:51 a.m. | 11 views

CVE-2019-16214

Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence which introduces a...

AI score 5.7 | EPSS 0.00249
Exploits 1 | References 3

CVE
added 2019/09/11 3:51 a.m. | 142 views

CVE-2019-16214

CVE-2019-16214 affects Libra Core prior to 2019-09-03, where an erroneous regular expression for inline comments lets a nonstandard line-break character (\r) appear to terminate a comment in audits, potentially misleading readers about code execution. The Move module author could place // followe...

CVSS 5.7 | AI score 5.6 | EPSS 0.00249
Exploits 1 | References 3 | Affected Software 1

Tenable Nessus
added 2019/09/09 12:0 a.m. | 46 views

FreeBSD : oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS 9.8 | AI score 8.1 | EPSS 0.00537
Exploits 0 | References 5

The Hacker News
added 2019/09/06 11:12 a.m. | 142 views

Multiple Code Execution Flaws Found In PHP Programming Language

Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext...

CVSS 9.8 | AI score 2.2 | EPSS 0.00537
Exploits 0

Node.js
added 2019/09/05 8:52 p.m. | 10 views

Regular Expression Denial of Service

Overview: Versions of simple-markdown prior to 0.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS). The SimpleMarkdown.defaultInlineParse function has significantly degraded performance when parsing inline code blocks. Recommendation: Upgrade to version 0.5.2 or later. References -...

AI score 7.1
Exploits 0 | Affected Software 1

OSV
added 2019/08/23 12:4 a.m. | 9 views

GHSA-65P8-3HM4-H9H8 Denial of Service in rgb2hex

All versions of rgb2hex are vulnerable to Regular Expression Denial of Service (ReDoS) when an attacker can pass in a specially crafted invalid color value. Recommendation: Update to version 0.1.6 or later...

CVSS 6.5 | AI score 7
Exploits 0 | References 4

Veracode
added 2019/08/20 12:10 a.m. | 36 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A heap-based buffer over-read in the mbstring regular expression functions allows an attacker to execute arbitrary code on the system...

CVSS 9.8 | AI score 5.2 | EPSS 0.10503
Exploits 1 | References 20 | Affected Software 2

OSV
added 2019/08/19 11:15 p.m. | 14 views

CVE-2019-15225

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993...

CVSS 7.5 | AI score 6.7
Exploits 0 | References 1

Prion
added 2019/08/19 11:15 p.m. | 14 views

Design/Logic Flaw

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993...

CVSS 5 | AI score 7.4 | EPSS 0.0064
Exploits 2 | References 1 | Affected Software 1

myhack58
added 2019/08/17 12:0 a.m. | 320 views

CORS-Vulnerable-Lab: a vulnerable-code range for CORS misconfiguration

This repository contains vulnerable code related to CORS configuration errors. You can set up the vulnerable code on a local machine and work through CORS misconfiguration issues in practice. Here, I would first like to thank @albinowax, AKReddy, and Vivek...

AI score 0.5
Exploits 0

RedhatCVE
added 2019/08/15 4:52 a.m. | 23 views

CVE-2017-16113

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed...

CVSS 7.5 | AI score 4.7 | EPSS 0.00303
Exploits 1 | References 1

Tenable Nessus
added 2019/08/14 12:0 a.m. | 13 views

Moment.js < 2.15.2 Regular Expression Denial of Service

According to its self-reported version number, Moment.js is prior to 2.15.2. Therefore, it may be affected by a regular expression denial of service vulnerability when arbitrary user input is passed into format. Note that the scanner has not tested for these issues but has instead relied only on...

AI score 7.3
Exploits 0 | References 1

GitLab Advisory Database
added 2019/08/13 12:0 a.m. | 19 views

Incorrect Regular Expression

Istio mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API...

CVSS 7.5 | AI score 1.2 | EPSS 0.0064
Exploits 1 | References 5 | Affected Software 1