9267 matches found
CVE-2018-7651
The CVE-2018-7651 entry concerns the Node.js ssri module. Affected component: index.js in ssri prior to 5.2.2. Root cause: a regular expression denial of service (ReDoS) in strict mode triggered by a long base64 hash string. Impact: potential DoS condition; no exploitation specifics provided in t...
UBUNTU-CVE-2017-18212
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...
Regular Expression Denial Of Service (ReDoS)
ssri is vulnerable to regular expression denial of service (ReDoS) attacks. If an application is using the opts.strict option, attackers can inject extremely long base64 hash strings to cause the application to hang...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:html-dom-parser is an HTML to DOM parser that works on both the server and client. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It used a regular expression /\s\S/ and /\s\S/ in order to find html tags. This can cause an...
Node.js third-party modules: Regular Expression Denial of Service (ReDoS)
The issue was already fixed. Module: is-my-json-valid. Summary: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression /^\S+@\S+$/ in order to validate emails. This can cause an impact of about 10 seconds matching time f...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcreexpression/validate...
openSUSE Security Update : chromium (openSUSE-2018-128)
This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes boo1078463, boo1079021 The regular expression library re2 was updated to 2018-02-01. (C) Tenable Network Security, Inc. The descriptive text and package...
OPENSUSE-SU-2018:0360-1 Security update for chromium
This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes boo1078463, boo1079021 The regular expression library re2 was updated to 2018-02-01...
OPENSUSE-SU-2018:0359-1 Security update for chromium
This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes boo1078463, boo1079021 The regular expression library re2 was updated to 2018-02-01...
Design/Logic Flaw
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...
CVE-2018-6519
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...
DEBIAN-CVE-2018-6519
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...
CVE-2018-6519
The vulnerability CVE-2018-6519 affects SimpleSAMLphp’s SAML2 library: Regular Expression Denial of Service for fraction-of-seconds in timestamps. Affected versions are SimpleSAMLphp SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1. Impact is partial availability (DoS) via netw...
CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
ReDoS in brace-expansion
Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition. Proof of Concept: var expand = require('brace-expansion'); expand(',,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n'); Recommendation: Update to...
GHSA-832H-XG76-4GV6 ReDoS in brace-expansion
Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition. Proof of Concept: var expand = require('brace-expansion'); expand(',,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n'); Recommendation: Update to...