EUVD-2020-1489

Malware in sbrugna...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js fast-csv modules denial of service vulnerability( CVE-2020-26256)

Summary Potential Node.js fast-csv modules denial of service vulnerability CVE-2020-26256 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2020-26256 DESCRIPTION: Node.js fast-csv...

@questwork/authenticator (>=0.1.0 <=0.1.5), @questwork/qw-service-tools (>=0.0.8 <=0.1.4) +22 more potentially affected by CVE-2021-23561 via comb (>=0.0.6 <=2.0.0)

comb NPM version =0.0.6, =0.1.0, =0.0.8, =0.0.1, =1.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-23561 Source advisory: SNYK:JS-COMB-1730083...

Regular Expression Denial Of Service (ReDoS)

fast-csv is vulnerable to regular expression denial of service ReDoS. The vulnerability exists through the usage of the ignoreEmpty option when parsing...

CVE-2020-26256

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...

CVE-2020-26256

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...

Code injection

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...

Regular Expression Denial of Service

Overview fast-csv and @fast-csv/parse before version 4.3.6 has a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. Impact You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is...

Regular Expression Denial of Service

Overview fast-csv and @fast-csv/parse before version 4.3.6 has a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. Impact You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is...

CVE-2020-26256

CVE-2020-26256 affects the fast-csv family (fast-csv and @fast-csv/parse) prior to version 4.3.6. The vulnerability is a Regular Expression Denial of Service (ReDoS) caused by the EMPTY_ROW_REGEXP when parsing with the ignoreEmpty option. A remote attacker could trigger a denial of service; docum...

CVE-2020-26256 Denial of service in fast-csv

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...

@here/cli (>=1.5.0 <=1.6.1), @node-amazon/mws (>=0.0.2 <=0.0.3) +10 more potentially affected by CVE-2020-26256 via @fast-csv/parse (>=4.1.4 <=4.3.3)

@fast-csv/parse NPM version =4.1.4, =1.5.0, =0.0.2, =2.1.0, =1.0.0, =1.2.127, =1.2.135, =1.2.111, =6.42.0, =4.1.4, =0.0.1, =0.0.6 Source cves: CVE-2020-26256 Source advisory: OSV:GHSA-8CV5-P934-3HWP...

6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.0.4) +648 more potentially affected by CVE-2020-26256 via fast-csv (>=0.0.0 <=4.3.5)

fast-csv NPM version =0.0.0, =0.0.1, =0.0.1, =0.0.42, =3.8.0, =0.0.23, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.0, =0.0.3, =0.1.10 and more Source cves: CVE-2020-26256 Source advisory: OSV:GHSA-8CV5-P934-3HWP...

GHSA-8CV5-P934-3HWP Denial of service in fast-csv

Impact Possible ReDoS Regular Expression Denial of Service when using ignoreEmpty option when parsing. Patches This has been patched in v4.3.6 Workarounds You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is recommended that you upgrade to t...

UBUNTU-CVE-2018-13421

Fast C++ CSV Parser aka fast-cpp-csv-parser before 2018-07-06 has a heap-based buffer over-read in io::trimchars in csv.h...