9163 matches found
Design/Logic Flaw
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
CVE-2016-3090
CVE-2016-3090 — Affected product and details : Apache Struts 2.x prior to 2.3.20 is vulnerable. The issue lies in the TextParseUtil.translateVariables method, exposed via a crafted OGNL expression using ANTLR tooling. Impact : remote code execution (RCE) with network access. Exploitation : attack...
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
GHSA-HJCP-J389-59FF Regular Expression Denial of Service in marked
Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service ReDoS vulnerability when passed inputs that reach the em inline rule. Recommendation Update to version 0.3.4 or later...
GHSA-X6FG-F45M-JF5Q Regular Expression Denial of Service in semver
Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation Update to version 4.3.2 or later...
Regular Expression Denial of Service in ms
Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of Concept javascript var ms = require'ms'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr; return...
Regular Expression Denial of Service in semver
Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation Update to version 4.3.2 or later...
Regular Expression Denial of Service in uglify-js
Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept var u = require'uglify-js'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr;...
GHSA-F522-FFG8-J8R6 Regular Expression Denial of Service in is-my-json-valid
Version of is-my-json-valid before 2.12.4 are vulnerable to regular expression denial of service ReDoS via the email validation function. Recommendation Update to version 2.12.4 or later...
GHSA-87VV-R9J6-G5QV Regular Expression Denial of Service in moment
Versions of moment prior to 2.11.2 are affected by a regular expression denial of service vulnerability. The vulnerability is triggered when arbitrary user input is passed into moment.duration. Proof of concept var moment = require'moment'; var genstr = function len, chr var result = ""; for i=0;...
Regular Expression Denial of Service in moment
Versions of moment prior to 2.11.2 are affected by a regular expression denial of service vulnerability. The vulnerability is triggered when arbitrary user input is passed into moment.duration. Proof of concept var moment = require'moment'; var genstr = function len, chr var result = ""; for i=0;...
Regular Expression Denial Of Service (ReDoS)
moment is vulnerable to denial of service DoS attacks. These attacks are possible because the regular expression that is used for matching dates takes awhile for long strings...
nodejs-tough-cookie: Regular expression denial of service
A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...
Moderate: Red Hat Security Advisory: rh-nodejs6-nodejs-tough-cookie security update
An update for rh-nodejs6-nodejs-tough-cookie is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
nodejs-tough-cookie: Regular expression denial of service
A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...
Moderate: Red Hat Security Advisory: rh-nodejs4-nodejs-tough-cookie security update
An update for rh-nodejs4-nodejs-tough-cookie is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
UPDATE: OWASP Dependency-Check 3.0.0
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.0.0! This release comes with Java 9...
CVE-2016-10513
Cross Site Scripting XSS exists in Piwigo before 2.8.3 via a crafted search expression to include/functionssearch.inc.php...