GHSA-JXQQ-CQM6-PFQ9 Regular Expression Denial of Service in slug
Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input. The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds. Recommendatio...
Regular Expression Denial Of Service in uri-js
Affected versions of uri-js are susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse method. Recommendation: Update to v3.0.0 or later...
GHSA-333W-RXJ3-F55R Regular Expression Denial Of Service in uri-js
Affected versions of uri-js are susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse method. Recommendation: Update to v3.0.0 or later...
Regular Expression Denial of Service in decamelize
Affected versions of decamelize are susceptible to a denial of service vulnerability when user input is passed directly into decamelize. Recommendation: Update to version 1.1.2 or later...
GHSA-Q5C4-39F5-M68J Regular Expression Denial of Service in decamelize
Affected versions of decamelize are susceptible to a denial of service vulnerability when user input is passed directly into decamelize. Recommendation: Update to version 1.1.2 or later...
GHSA-PJMX-9XR3-82QR ReDoS via long UserAgent header in useragent
Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed. Proof of Concept (js): var useragent = require('useragent'); var badUserAgent = 'MSIE 0.0'+Array(900000).join('0')+'XBLWP'; var request = 'GET / HTTP/1.1\r\nUser-Agen...
Regular Expression Denial of Service in content
Affected versions of content are vulnerable to a regular expression denial of service when parsing malicious Content-Type and Content-Disposition headers. Recommendation: Update to version 3.0.6 or later...
GHSA-X6WP-RFWH-HCX7 Regular Expression Denial of Service in content
Affected versions of content are vulnerable to a regular expression denial of service when parsing malicious Content-Type and Content-Disposition headers. Recommendation: Update to version 3.0.6 or later...
GHSA-FF6R-5JWM-8292 Regular Expression Denial of Service in no-case
Affected versions of no-case are vulnerable to a regular expression denial of service when parsing untrusted user input. Recommendation: Update to version 2.3.2 or later...
Regular Expression Denial of Service in no-case
Affected versions of no-case are vulnerable to a regular expression denial of service when parsing untrusted user input. Recommendation: Update to version 2.3.2 or later...
GHSA-PMG9-P9R2-6Q87 ReDoS via long UserAgent header in ua-parser
Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation: No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. Recommendation: Update to version 2.0.3 or later...
GHSA-WRVR-8MPX-R7PP mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. Recommendation: Update to version 2.0.3 or later...
DEBIAN-CVE-2018-14404
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...
CVE-2018-14404
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...
Regular Expression Denial Of Service (ReDoS)
jasmine-core is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The regular expression ^\sfunction\s\w\s\ is used to obtain the function name from the JS toString output of a function, which can result in a matching time of approximately 10 seconds for data that is 64K...
Remote code execution
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4...
CVE-2018-8172
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4...