EUVD-2023-0833

Malicious code in bioql PyPI...

Lunary 资源管理错误漏洞

lunary is lunary open source a production toolkit for LLM . A denial of service vulnerability exists in lunary that stems from the use of an insecure regular expression in the compileTextTemplate function. An attacker can exploit this vulnerability to cause a denial of service...

ChuanhuChatGPT 资源管理错误漏洞

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a denial of service vulnerability that stems from the use of an insecure regular expression. An attacker can...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js cookiejar module ( CVE-2022-25901 )

Summary Node.js cookiejar module is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25901. Vulnerability Details CVEID:CVE-2022-25901 DESCRIPTION: Node.js cookiejar module is vulnerable to a denial of service, caused by an insecure regular expression in the Cookie.parse function....

AZL-43867 CVE-2023-26115 affecting package js-jquery 3.5.0-4

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...

CVE-2023-26115

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...

CVE-2023-26115

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...

Design/Logic Flaw

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...

CVE-2023-26115

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...

word-wrap 安全漏洞

word-wrap is a library by Jon Schlinkert, an individual developer in the United States. It is used to wrap words to a specified length. A security vulnerability exists in word-wrap, which stems from the use of an insecure regular expression in the result variable...

CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

CVE-2023-26116

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...

CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

GHSA-H452-7996-H45H cookiejar Regular Expression Denial of Service via Cookie.parse function

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications could be stalled for extended periods of time if...

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

Regular Expression Denial Of Service (ReDoS)

activeattr is vulnerable to regular expression denial of service.The vulnerability exists in the call function of booleantypecaster.rb due to the usage of an insecure regular expression which allows an attacker to cause an application crash via malicious input...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable. Note: The regex is vulnerable on its own, but the vulnerable function is not reachable as shipped in the package...

PT-2022-14933 · Css-What +2 · Css-What +2

Name of the Vulnerable Software and Affected Versions: css-what versions prior to 2.1.3 Description: The issue is related to a Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression in the re attr variable of index.js. This could be triggered via the parse...