9188 matches found
CVE-2017-16138
The mime module 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input...
CVE-2017-16118
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
CVE-2017-16116
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods...
CVE-2017-16117
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds...
CVE-2017-16099
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition...
CVE-2017-16114
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...
CVE-2017-16116
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods...
DEBIAN-CVE-2017-16119
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
CVE-2017-16114
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...
CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTPMAXHEADERSIZE= option the default header max length is 80kb, so the impact of the ReDoS is...
CVE-2017-16115
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds...
CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTPMAXHEADERSIZE= option the default header max length is 80kb, so the impact of the ReDoS is...
DEBIAN-CVE-2017-16114
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...
CVE-2017-16111
The content module is a module to parse HTTP Content- headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header...
CVE-2017-16113
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed...
CVE-2017-16113
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed...
CVE-2017-16117
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds...
CVE-2017-16119
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
CVE-2017-16086
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...
Race condition
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition...