The vulnerability of the Apache Struts software platform arises from insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the Apache Struts software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the sequence of characters “%” within tag attributes double evaluation of parameters as expressions ...

Important: php56, php70, php71

Issue Overview: pcre: heap buffer overflow in handling of duplicate named groups 8.39/14 The pcrecompile2 function in pcrecompile.c mishandles the /?:F?+?:^?Ra+\"99-?J?'R'?'R'?'RR'?'R'\\97?J?J?'R'?'R'\\99|:?|?'R'\\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which...

Apache Struts 'TextParseUtil.translateVariables()' Remote Code Execution Vulnerability

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...

Design/Logic Flaw

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

CVE-2016-3090

CVE-2016-3090 — Affected product and details : Apache Struts 2.x prior to 2.3.20 is vulnerable. The issue lies in the TextParseUtil.translateVariables method, exposed via a crafted OGNL expression using ANTLR tooling. Impact : remote code execution (RCE) with network access. Exploitation : attack...

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

GHSA-HJCP-J389-59FF Regular Expression Denial of Service in marked

Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service ReDoS vulnerability when passed inputs that reach the em inline rule. Recommendation Update to version 0.3.4 or later...

GHSA-X6FG-F45M-JF5Q Regular Expression Denial of Service in semver

Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation Update to version 4.3.2 or later...

Regular Expression Denial of Service in ms

Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of Concept javascript var ms = require'ms'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr; return...

Regular Expression Denial of Service in semver

Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation Update to version 4.3.2 or later...

Regular Expression Denial of Service in uglify-js

Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept var u = require'uglify-js'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr;...

GHSA-87VV-R9J6-G5QV Regular Expression Denial of Service in moment

Versions of moment prior to 2.11.2 are affected by a regular expression denial of service vulnerability. The vulnerability is triggered when arbitrary user input is passed into moment.duration. Proof of concept var moment = require'moment'; var genstr = function len, chr var result = ""; for i=0;...

GHSA-F522-FFG8-J8R6 Regular Expression Denial of Service in is-my-json-valid

Version of is-my-json-valid before 2.12.4 are vulnerable to regular expression denial of service ReDoS via the email validation function. Recommendation Update to version 2.12.4 or later...

Regular Expression Denial of Service in moment

Versions of moment prior to 2.11.2 are affected by a regular expression denial of service vulnerability. The vulnerability is triggered when arbitrary user input is passed into moment.duration. Proof of concept var moment = require'moment'; var genstr = function len, chr var result = ""; for i=0;...

Regular Expression Denial Of Service (ReDoS)

moment is vulnerable to denial of service DoS attacks. These attacks are possible because the regular expression that is used for matching dates takes awhile for long strings...

Moderate: Red Hat Security Advisory: rh-nodejs6-nodejs-tough-cookie security update

An update for rh-nodejs6-nodejs-tough-cookie is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

nodejs-tough-cookie: Regular expression denial of service

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...

Moderate: Red Hat Security Advisory: rh-nodejs4-nodejs-tough-cookie security update

An update for rh-nodejs4-nodejs-tough-cookie is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...