9286 matches found
Regular Expression Denial of Service in sshpk
Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation: Update to version 1.13.2, 1.14.1 or later...
GHSA-2M39-62FM-Q8R3 Regular Expression Denial of Service in sshpk
Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation: Update to version 1.13.2, 1.14.1 or later...
GHSA-GXPJ-CX7G-858C Regular Expression Denial of Service in debug
Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. This was later re-introduced in version v3.2.0, and...
Regular Expression Denial of Service in debug
Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. This was later re-introduced in version v3.2.0, and...
PT-2018-13250 · Xkbcommon +5
Name of the Vulnerable Software and Affected Versions: xkbcommon versions prior to 0.8.2 Description: The issue is related to unchecked NULL pointer usage in the ExprResolveLhs function in xkbcomp/expr.c. This could be exploited by local attackers to crash the xkbcommon parser by supplying a...
Sensitive Information Leakage
IdentityServer3 is vulnerable to sensitive information leakage. The leakage of identityserver responses is possible because there is a flaw in Angular expression on the authorize response page...
Moderate severity vulnerability that affects moment
Withdrawn, accidental duplicate publish. The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."...
Regular Expression Denial of Service in hawk
Versions of hawk prior to 3.1.3, or 4.x prior to 4.1.1 are affected by a regular expression denial of service vulnerability related to excessively long headers and URIs. Recommendation: Update to hawk version 4.1.1 or later...
[SECURITY] Fedora 27 Update: mutt-1.9.2-2.fc27
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...
GHSA-9QJ9-36JM-PRPV Regular Expression Denial of Service in fresh
Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation: Update to version 0.5.2 or later...
Regular Expression Denial of Service in fresh
Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation: Update to version 0.5.2 or later...
GHSA-MPCF-4GMH-23W8 Regular Expression Denial of Service in forwarded
Affected versions of forwarded are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation: Update to version 0.1.2 or later...
Regular Expression Denial of Service in forwarded
Affected versions of forwarded are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation: Update to version 0.1.2 or later...
GHSA-G36H-6R4F-3MQP Regular Expression Denial of Service in string package
Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation: There is currently no direct patch for this vulnerability. Currently, the best solution is to avo...
Regular Expression Denial of Service in string package
Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation: There is currently no direct patch for this vulnerability. Currently, the best solution is to avo...
Regular Expression Denial of Service in tough-cookie
Affected versions of tough-cookie are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...
GHSA-G7Q5-PJJR-GQVP Regular Expression Denial of Service in tough-cookie
Affected versions of tough-cookie are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...
Regular Expression Denial of Service in parsejson
Affected versions of parsejson are vulnerable to a regular expression denial of service when parsing untrusted user input. Recommendation: The parsejson package has not been functionally updated since it was initially released. Additionally, it provides functionality which is natively included in...
GHSA-X5PG-88WF-QQ4P Regular Expression Denial of Service in marked
Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation: Update to version 0.3.9 or later...
Regular Expression Denial of Service in marked
Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation: Update to version 0.3.9 or later...