
35 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in node-cookiejar

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) attacks through the Cookie.parse function, which uses an insecure regular expression...

CVSS 7.5 · AI score 6.9 · EPSS 0.00069
Exploits: 1 · References: 1
NVD
added 2023/03/30 5:15 a.m. · 18 views

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 · AI score 5.4 · EPSS 0.0025
Exploits: 1 · References: 8
OSV
added 2023/03/30 5:15 a.m. · 31 views

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 · AI score 5.5
Exploits: 0 · References: 8
OSV
added 2023/03/30 5:15 a.m. · 1 view

DEBIAN-CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

CVSS 5.3 · AI score 6.5 · EPSS 0.00521
Exploits: 1 · References: 1
UbuntuCve
added 2023/03/30 5:15 a.m. · 29 views

CVE-2023-26116

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...

CVSS 5.3 · AI score 6.8 · EPSS 0.00272
Exploits: 1 · References: 4
OSV
added 2023/03/30 5:15 a.m. · 1 view

UBUNTU-CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 · AI score 6.7 · EPSS 0.0025
Exploits: 1 · References: 5
OSV
added 2023/03/30 5:15 a.m. · 1 view

UBUNTU-CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

CVSS 5.3 · AI score 6.8 · EPSS 0.00521
Exploits: 1 · References: 5
Snyk
added 2023/03/26 10:16 a.m. · 2 views

Regular Expression Denial of Service (ReDoS)

Overview: AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is...

CVSS 5.3 · AI score 6.8 · EPSS 0.0025
Exploits: 1 · References: 2
Snyk
added 2023/03/26 10:16 a.m. · 4 views

Regular Expression Denial of Service (ReDoS)

Overview: angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

CVSS 5.3 · AI score 6.7 · EPSS 0.0025
Exploits: 1 · References: 2
Snyk
added 2023/03/26 10:16 a.m. · 5 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 · AI score 5.8 · EPSS 0.0025
Exploits: 1 · References: 2
Snyk
added 2023/01/31 2:13 p.m. · 2 views

Regular Expression Denial of Service (ReDoS)

Overview: zxcvbn is a realistic password strength estimation Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the repeatmatch functionality, due to the usage of an insecure regex in lazyanchored variable. PoC js const zxcvbn = require"zxcvbn";...

CVSS 5.3 · AI score 6.9
Exploits: 0 · References: 2
Prion
added 2023/01/18 5:15 a.m. · 19 views

Design/Logic Flaw

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression...

CVSS 5 · AI score 7.4 · EPSS 0.00069
Exploits: 1 · References: 6 · Affected Software: 1
Snyk
added 2022/11/28 2:39 p.m. · 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression. PoC js const CookieJar = require"cookiejar"; const jar = new CookieJar; const start = performance.now; const attack = "...

CVSS 7.5 · AI score 6.8 · EPSS 0.00069
Exploits: 1 · References: 2
NVD
added 2022/10/27 10:15 a.m. · 9 views

CVE-2022-25918

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...

CVSS 7.5 · EPSS 0.00229
Exploits: 1 · References: 4
OSV
added 2022/10/27 10:15 a.m. · 12 views

CVE-2022-25918

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...

CVSS 7.5 · AI score 7.5
Exploits: 0 · References: 4
Prion
added 2022/10/27 10:15 a.m. · 12 views

Code injection

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...

CVSS 5 · AI score 7.5 · EPSS 0.00229
Exploits: 1 · References: 4 · Affected Software: 1
CVE
added 2022/10/27 5:5 a.m. · 93 views

CVE-2022-25918

CVE-2022-25918 affects the npm package shescape (versions 1.5.10 and earlier than 1.6.1). The vulnerability is a Regular Expression Denial of Service (ReDoS) in the escape function (index.js) caused by an insecure regex in escapeArgBash. Exploitation can cause high CPU usage or denial of service ...

CVSS 7.5 · AI score 6.2 · EPSS 0.00229
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2022/10/27 5:5 a.m. · 15 views

CVE-2022-25918 Regular Expression Denial of Service (ReDoS)

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...

CVSS 5.3 · AI score 7.7 · EPSS 0.00229
Exploits: 1 · References: 4
Veracode
added 2022/09/16 10:16 a.m. · 22 views

Regular Expression Denial Of Service (ReDoS)

steal is vulnerable to prototype pollution. The vulnerability is possible because of the use of insecure regular expression for input in main.js, causing an application crash...

CVSS 7.5 · AI score 7.3 · EPSS 0.00367
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2022/07/15 12:0 a.m. · 1 view

PT-2022-17572 · Terser +2

Name of the Vulnerable Software and Affected Versions: terser versions prior to 4.8.1; terser versions 5.0.0 through 5.14.2. Description: The issue is related to a Denial of Service by Regular Expression (ReDoS) due to the insecure usage of regular expressions. This can lead to a service disruption...

CVSS 7.5 · AI score 7.6 · EPSS 0.03719
Exploits: 1 · References: 18