RedHat Linux
added 2017/10/18 4:46 p.m. | 2 views

nodejs-tough-cookie: Regular expression denial of service

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...

CVSS 7.5 | AI score 7.1 | EPSS 0.03283
Exploits 0 | References 5
pentestit
added 2017/10/17 9:23 p.m. | 39 views

UPDATE: OWASP Dependency-Check 3.0.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.0.0! This release comes with Java 9...

AI score 7.3
Exploits 0
UbuntuCve
added 2017/10/10 8:29 p.m. | 23 views

CVE-2016-10513

Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php...

CVSS 6.1 | AI score 6.5 | EPSS 0.00884
Exploits 0 | References 4
NVD
added 2017/10/10 8:29 p.m. | 20 views

CVE-2016-10513

Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php...

CVSS 6.1 | AI score 5.9 | EPSS 0.00884
Exploits 0 | References 3
Cvelist
added 2017/10/10 8:00 p.m. | 25 views

CVE-2016-10513

Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php...

AI score 5.9 | EPSS 0.00884
Exploits 0 | References 3
CVE
added 2017/10/03 4:00 p.m. | 100 views

CVE-2017-15010

CVE-2017-15010 affects the Node.js tough-cookie module prior to version 2.3.3. It is a ReDoS vulnerability where processing a specially crafted HTTP Cookie header can cause high CPU usage. Vendor advisories recommend upgrading to 2.3.3 or newer (e.g., 2.3.3+; Fedora/RH advisories mention 2.3...

CVSS 7.5 | AI score 7.2 | EPSS 0.03283
Exploits 0 | References 9 | Affected Software 1
Broadcom
added 2017/09/29 12:00 a.m. | 6 views

BSA-2017-437

Security Advisory ID : BSA-2017-437 Component : Perl Revision : 2.0: Interim Buffer overflow in the regular expression parser in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) or leak data from memory via vectors involving use...

CVSS 9.1 | AI score 7.2 | EPSS 0.05908
Exploits 0
Veracode
added 2017/09/27 5:34 a.m. | 16 views

Regular Expression Denial Of Service (ReDoS)

forwarded is vulnerable to regular expression denial of service (ReDoS). A flaw when the x-forwarded-for header is parsed causes the event loop to be blocked...

CVSS 7.5 | AI score 7.4 | EPSS 0.01947
Exploits 0 | References 4 | Affected Software 1
Check Point Advisories
added 2017/09/27 12:00 a.m. | 19 views

HPE Intelligent Management Center getSelInsBean Expression Language Injection (CVE-2017-12490)

An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of a parameter used by the getSelInsBean method that was received from a prior GWT RPC request. A remote, authenticated attacker can exploit this...

CVSS 9 | AI score 2.3 | EPSS 0.05836
Exploits 0
Veracode
added 2017/09/26 5:32 a.m. | 18 views

Regular Expression Denial Of Service (ReDoS)

slug is vulnerable to regular expression denial of service (ReDoS) attacks. The library does not limit the type of characters that get parsed, allowing a malicious user to pass a string to the application to cause a ReDoS...

CVSS 7.5 | AI score 7.2 | EPSS 0.01584
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2017/09/26 5:08 a.m. | 15 views

Regular Expression Denial Of Service (ReDoS)

string.js is vulnerable to regular expression denial of service (ReDoS) attacks. The library does not restrict the type of characters that get parsed, allowing a malicious user to pass a string to cause a ReDoS...

CVSS 7.5 | AI score 7.2 | EPSS 0.01659
Exploits 1 | References 3 | Affected Software 1
Node.js
added 2017/09/25 7:20 p.m. | 51 views

Regular Expression Denial of Service

Overview Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input. The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds. About 50k characters can block the event loop for 2 seconds...

CVSS 5 | AI score 4.8 | EPSS 0.01584
Exploits 0 | Affected Software 1
Node.js
added 2017/09/25 7:16 p.m. | 59 views

Regular Expression Denial of Service

Overview Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation There is currently no direct patch for this vulnerability. Currently, the best solution ...

CVSS 5 | AI score 2.7 | EPSS 0.01659
Exploits 1 | Affected Software 1
Node.js
added 2017/09/25 7:02 p.m. | 48 views

Regular Expression Denial of Service

Overview Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. Recommendation Update to version 2.0.3 or later. References - Issue 167 - GitHub Advisory...

CVSS 5 | AI score 5.5 | EPSS 0.02051
Exploits 1 | Affected Software 1
Node.js
added 2017/09/25 6:55 p.m. | 43 views

Regular Expression Denial of Service

Overview Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. Recommendation Version 2.x.x: Update to...

CVSS 5 | AI score 4.9 | EPSS 0.02798
Exploits 0 | Affected Software 1
Tenable Nessus
added 2017/09/25 12:00 a.m. | 36 views

FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)

SO-AND-SO reports : CVE-2017-12814: $ENV{$key} stack-based buffer overflow on Windows A possible stack-based buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression...

CVSS 9.8 | AI score 7.4 | EPSS 0.06981
Exploits 1 | References 6
Veracode
added 2017/09/22 4:21 p.m. | 18 views

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker can pass a markdown file to the library that, when parsed, can cause the system to slow down and cause a ReDoS...

CVSS 7.5 | AI score 7.3 | EPSS 0.01758
Exploits 1 | References 5 | Affected Software 1
Node.js
added 2017/09/21 8:40 p.m. | 63 views

Regular Expression Denial of Service

Overview Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings. Recommendation Update to version 2.19.3 or later. References - Issue 4163 - PR 4326 - GitHub Advisory...

AI score 6.7
Exploits 0 | Affected Software 1
Prion
added 2017/09/19 6:29 p.m. | 20 views

Buffer overflow

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape...

CVSS 6.4 | AI score 8.8 | EPSS 0.05908
Exploits 0 | References 10 | Affected Software 1
OSV
added 2017/09/19 6:29 p.m. | 20 views

CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape...

CVSS 9.1 | AI score 9 | EPSS 0.05908
Exploits 0 | References 10