85 matches found
CVE-2020-36830
A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...
USN-7476-1 python-scrapy vulnerabilities
It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during redirects. An attacker could use this issue to gain unauthorized access to user accounts. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-41125 It was...
Denial Of Service (DoS)
@apollo/gateway is vulnerable to a Denial Of Service DoS. The vulnerability is due to inefficient query planning due to internal optimizations being bypassed when processing deeply nested and reused named fragments...
Regular Expression Denial Of Service
uptime-kuma is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regex processing due to catastrophic backtracking triggered by crafted input during notification creation via the web service...
Security Bulletin: Vulnerability in Psf Requests affects watsonx.data
Summary Psf Requests is vulnerable to bypass security restrictions, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...
Regular Expression Denial of Service (ReDoS)
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to inefficient cookie parsing that results in quadratic performance. An attacker...
Taming API Sprawl: Best Practices for API Discovery and Management
APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased...
PT-2024-39535
Name of the Vulnerable Software and Affected Versions Langflow versions up to 1.0.18 Description A problematic vulnerability was found in Langflow, affecting an unknown functionality of the file srcbackendbaselangflowinterfaceutils.py of the component HTTP POST Request Handler. The manipulation o...
The vulnerability of the configobj program for reading and writing INI files lies in the use of a regular expression c, which has an inefficient computational cost. This allows attackers to trigger a service failure.
The vulnerability of the configobj program for reading and writing INI files is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
Setuptools: Denial of Service
Background Setuptools is a manager for Python packages. Description A vulnerability has been discovered in Setuptools. See the impact field. Impact An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom...
The vulnerability of the modular interface between web servers and web applications in Rack, related to the inefficient complexity of regular expressions, allows attackers to trigger service failures.
The vulnerability of the modular interface between web servers and web applications in Rack relates to the processing of input data, which can take an unexpected amount of time. Exploiting this vulnerability allows a malicious actor to cause service failures...
The code uses assembly for memory allocation, which can be complex and prone to errors.
Lines of code Vulnerability details Impact The code uses assembly for memory allocation, which can be complex and prone to errors. Inefficient memory management can lead to gas inefficiency and potential vulnerabilities. Proof of Concept The code uses assembly for memory allocation, which can be...
Debian dla-3428 : node-nth-check - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3428 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3428-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-30858
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...
Design/Logic Flaw
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...
CVE-2023-30858
The CVE-2023-30858 entry describes a ReDoS in the Denosaurs emoji package (Denosaurs emoji) due to the reTrimSpace regex with a 2nd‑degree polynomial inefficiency in versions 0.1.0 through 0.3.0, causing delayed responses on large payloads. The issue is patched in version 0.3.0; a workaround is t...
CVE-2023-30858 Denosaurs emoji has ReDoS vulnerability in `replace` function
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...
emoji 安全漏洞
emoji is a simple emoticon from the Denosaurs team that supports the node.js project. A security vulnerability exists in Denosaurs emoji version 0.1.0 up to and including version 0.3.0, which stems from an inefficient second-order polynomial in a regular expression, resulting in a delayed respons...
ReDoS vulnerability in `strip` function
Description The reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. Proof of Concept import as emoji from "https://deno.land/x/[email protected]/mod.ts"; const input = '\x00' + '\t'.repeat154773 + '\t\x00'; const start = performance.now;...
SUSE CVE-2021-34549
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency...