9289 matches found

Snyk
added 2019/06/20 3:47 p.m., 1 views

Prototype Pollution

Overview: deeply is a toolkit for deep structure manipulations. It provides deep merge/clone functionality out of the box, and exposes hooks and custom adapters for more control and greater flexibility. Affected versions of this package are vulnerable to Prototype Pollution. The function assign-de...

9.8 CVSS, 6.7 AI score, 0.01691 EPSS
Exploits: 1, References: 3
Github Security Blog
added 2019/06/20 2:32 p.m., 14 views

Regular Expression Denial of Service

A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm's find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop...

4.4 AI score
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2019/06/20 2:32 p.m., 7 views

GHSA-QX4V-6GC5-F2VV Regular Expression Denial of Service

A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm's find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop...

7 AI score
Exploits: 0, References: 2
Veracode
added 2019/06/20 8:55 a.m., 8 views

Regular Expression Denial Of Service (ReDoS)

useragent is vulnerable to regular expression denial of service (ReDoS). The attacker can edit the useragent header to include a long useragent string containing long numbers or letters exhausting the CPU via an event loop and eventually crashing the server...

6.6 AI score
Exploits: 0
Fedora
added 2019/06/19 10:46 p.m., 19 views

[SECURITY] Fedora 30 Update: mutt-1.12.0-1.fc30

Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...

1 AI score
Exploits: 0
Snyk
added 2019/06/19 9:38 a.m., 2 views

Prototype Pollution

Overview: set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. The function set-value could be tricked into adding or modifying properties of Object.prototype using any of...

9.8 CVSS, 6.7 AI score, 0.02475 EPSS
Exploits: 1, References: 3
Snyk
added 2019/06/19 9:34 a.m., 1 views

Prototype Pollution

Overview: mixin-deep is a package that deeply mixes the properties of objects into the first object. Affected versions of this package are vulnerable to Prototype Pollution. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.8 CVSS, 9 AI score, 0.03508 EPSS
Exploits: 1, References: 3
RedHat Linux
added 2019/06/18 7:8 p.m., 3 views

libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c

A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing an invalid XPath expression. Applications processing untrusted XSL format inputs with the libxml2 library may be vulnerable to a denial of service attack due to crash of the...

7.5 CVSS, 7.1 AI score, 0.03681 EPSS
Exploits: 0, References: 4
Check Point Advisories
added 2019/06/17 12:0 a.m., 25 views

Rejetto HTTP File Server Remote Code Execution (CVE-2014-6287)

A remote code execution vulnerability exists in Rejetto HTTP File Server. This vulnerability is due to a regular expression that fails to handle null bytes. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to a target server...

10 CVSS, 1.3 AI score, 0.99323 EPSS
Exploits: 23
Github Security Blog
added 2019/06/14 4:26 p.m., 28 views

Regular Expression Denial of Service in underscore.string

Versions of underscore.string prior to 3.3.5 are vulnerable to Regular Expression Denial of Service (ReDoS). The function unescapeHTML is vulnerable to ReDoS due to an overly-broad regex. The slowdown is approximately 2s for 50,000 characters but grows exponentially with larger inputs. Recommendati...

3.4 AI score
Exploits: 0, References: 5, Affected Software: 1
Github Security Blog
added 2019/06/13 6:58 p.m., 24 views

Regular Expression Denial of Service (ReDoS)

A vulnerability was found in diff before v3.5.0; the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks...

5.6 AI score
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2019/06/13 6:58 p.m., 9 views

GHSA-H6CH-V84P-W6P9 Regular Expression Denial of Service (ReDoS)

A vulnerability was found in diff before v3.5.0; the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks...

7 AI score
Exploits: 0, References: 5
OSV
added 2019/06/13 5:29 p.m., 18 views

CVE-2019-12798

An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size...

9.8 CVSS, 7 AI score
Exploits: 0, References: 2
Debian CVE
added 2019/06/13 4:58 p.m., 16 views

CVE-2019-12798

An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size...

9.8 CVSS, 9.6 AI score, 0.01661 EPSS
Exploits: 1
Github Security Blog
added 2019/06/07 9:12 p.m., 17 views

Regular Expression Denial of Service

A Regular Expression vulnerability was found in nwmatcher before 1.4.4. The fix replacing multiple repeated instances of the "\s" pattern...

2.8 AI score
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2019/06/07 9:12 p.m., 6 views

GHSA-6394-6H9H-CFJG Regular Expression Denial of Service

A Regular Expression vulnerability was found in nwmatcher before 1.4.4. The fix replacing multiple repeated instances of the "\s" pattern...

7.1 AI score
Exploits: 0, References: 1
OSV
added 2019/06/06 3:32 p.m., 3 views

GHSA-Q22G-8FR4-QPJ4 Regular Expression Denial of Service in remarkable

lib/common/htmlre.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section...

7.5 CVSS, 7.1 AI score, 0.01321 EPSS
Exploits: 1, References: 5
Github Security Blog
added 2019/06/06 3:30 p.m., 28 views

Duplicate Advisory: Regular Expression Denial of Service in braces

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. Original Description: Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may...

5.3 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2019/06/06 3:30 p.m., 71 views

GHSA-G95F-P29Q-9XW4 Duplicate Advisory: Regular Expression Denial of Service in braces

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. Original Description: Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may...

3.7 CVSS, 5.3 AI score
Exploits: 0, References: 3
CNVD
added 2019/06/06 12:0 a.m., 2 views

HPE Intelligent Management Center (IMC) faultStatChooseFaultType Expression Language Injection Remote Code Execution Vulnerability

HPE Intelligent Management Center (IMC) is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security (FCAPS) model. A faultStatChooseFaultType expression language injection remote code execution vulnerability exists in HPE...

9 CVSS, 8.6 AI score, 0.0364 EPSS
Exploits: 0, References: 1