9190 matches found

CVE
added 2018/06/07 2:0 a.m. · 74 views

CVE-2017-16113

CVE-2017-16113 affects the parsejson module, where a regular expression denial of service (ReDoS) can be triggered by untrusted input during JSON parsing. Affected details across sources consistently describe a ReDoS risk in parsejson, with CVSS v3.0 base score 7.5 (HIGH) and impact on availabili...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00303
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2018/06/07 2:0 a.m. · 1071 views

CVE-2017-16138

CVE-2017-16138 affects the mime Node.js module, with vulnerable versions including

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00433
Exploits: 1 · References: 2 · Affected Software: 1

Debian CVE
added 2018/06/07 2:0 a.m. · 25 views

CVE-2017-16137

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

CVSS: 5.3 · AI score: 5.5 · EPSS: 0.00102
Exploits: 0

Cvelist
added 2018/06/07 2:0 a.m. · 17 views

CVE-2017-16115

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds...

AI score: 7.4 · EPSS: 0.0028
Exploits: 0 · References: 2

Cvelist
added 2018/06/07 2:0 a.m. · 13 views

CVE-2017-16099

The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition...

AI score: 7.3 · EPSS: 0.00334
Exploits: 0 · References: 2

Cvelist
added 2018/06/07 2:0 a.m. · 16 views

CVE-2017-16137

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

AI score: 6.9 · EPSS: 0.00102
Exploits: 0 · References: 5

Cvelist
added 2018/06/07 2:0 a.m. · 16 views

CVE-2017-16113

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed...

AI score: 7.4 · EPSS: 0.00303
Exploits: 1 · References: 2

Debian CVE
added 2018/06/07 2:0 a.m. · 21 views

CVE-2017-16114

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00403
Exploits: 1

Debian CVE
added 2018/06/07 2:0 a.m. · 21 views

CVE-2017-16138

The mime module 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00433
Exploits: 1

Cvelist
added 2018/06/07 2:0 a.m. · 11 views

CVE-2017-16098

charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is...

AI score: 7.5 · EPSS: 0.00328
Exploits: 1 · References: 2

CVE
added 2018/06/07 2:0 a.m. · 57 views

CVE-2017-16115

The timespan module (JavaScript implementation) is vulnerable to a Regular Expression Denial of Service (ReDoS) when parsing dates. A crafted 50k-character input can block the event loop for about 10 seconds in affected versions of the timespan package. The documentation notes no direct p...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.0028
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2018/06/07 2:0 a.m. · 14 views

CVE-2017-16138

The mime module 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input...

AI score: 7.3 · EPSS: 0.00433
Exploits: 1 · References: 2

CVE
added 2018/06/07 2:0 a.m. · 54 views

CVE-2017-16099

The CVE-2017-16099 entry concerns the nodejs-no-case (no-case) module, which is vulnerable to a regular expression denial of service (ReDoS). The underlying issue arises when untrusted user input is parsed by no-case, causing the event loop to block and potentially impacting availability. Public ...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00334
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2018/06/07 2:0 a.m. · 1294 views

CVE-2017-16137

CVE-2017-16137 affects the Node.js debug module and can cause a regular expression denial of service (ReDoS) when untrusted input is passed to the formatter; susceptibility is reported as low severity but could enable a DoS by consuming CPU with around 50k characters. The connected documents show...

CVSS: 5.3 · AI score: 5 · EPSS: 0.00102
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2018/06/07 12:0 a.m. · 3 views

PT-2018-16161 · Protobufjs · Protobufjs

Name of the Vulnerable Software and Affected Versions: protobufjs versions prior to 5.0.3; protobufjs versions prior to 6.8.6
Description: The issue concerns a regular expression denial of service when parsing crafted invalid .proto files, potentially leading to ReDoS.
Recommendations: Update to...

CVSS: 5.5 · AI score: 5.3 · EPSS: 0.00185
Exploits: 1 · References: 7

OSV
added 2018/06/04 7:29 p.m. · 3 views

CVE-2017-16021

uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100%...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00217
Exploits: 1 · References: 2

NVD
added 2018/06/04 7:29 p.m. · 8 views

CVE-2017-16021

uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100%...

CVSS: 6.8 · AI score: 6.5 · EPSS: 0.00217
Exploits: 1 · References: 2

Prion
added 2018/06/04 7:29 p.m. · 9 views

Code injection

uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100%...

CVSS: 6.8 · AI score: 6.4 · EPSS: 0.00217
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2018/06/04 7:0 p.m. · 12 views

CVE-2017-16021

uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100%...

AI score: 6.4 · EPSS: 0.00217
Exploits: 1 · References: 2

Positive Technologies
added 2018/06/04 12:0 a.m. · 2 views

PT-2018-6052 · Github · Uri.Js

Name of the Vulnerable Software and Affected Versions: uri-js versions 2.1.1 and earlier
Description: The issue arises from a regular expression used by uri-js to validate URLs, which is vulnerable to ReDoS. This vulnerability causes the program to hang and results in 100% CPU usage when attempti...

CVSS: 6.8 · AI score: 6.2 · EPSS: 0.00217
Exploits: 1 · References: 6