26 matches found
EUVD-2021-2579
Malware in sbrugna...
EUVD-2021-0627
Malware in sbrugna...
ReDOS in IS-SVG
A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +11750 more potentially affected by CVE-2021-29059 via is-svg (>=2.1.0 <=4.2.2)
is-svg NPM version =2.1.0, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.1.8, =1.0.0, =1.0.4 - 4design =0.0.1 and more Source cves: CVE-2021-29059 Source advisory: OSV:GHSA-R8J5-H5CX-65GG...
GHSA-R8J5-H5CX-65GG ReDOS in IS-SVG
A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string...
The vulnerability of the IS-SVG library of the NPM package manager, related to the allocation of unlimited memory, allows attackers to cause a service failure.
The vulnerability of the NPM package manager’s IS-SVG library is related to the allocation of unlimited memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Regular Expression Denial Of Service (ReDoS)
is-svg is vulnerable to regular expression denial of service. An attacker may input a maliciously crafted SVG string, causing the system to crash...
CVE-2021-29059
A flaw was found in IS-SVG where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability...
CVE-2021-29059
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string...
Code injection
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string...
CVE-2021-29059
CVE-2021-29059 affects the IS-SVG library, with versions 2.1.0–4.2.2 and earlier, where a crafted invalid SVG string can trigger a Regular Expression Denial of Service (ReDOS) in the SVG validation/check process. The description does not specify affected vendors or products beyond IS-SVG, nor a p...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update
Red Hat Advanced Cluster Management for Kubernetes 2.2.3 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
GHSA-7R28-3M3F-R2PR Regular Expression Denial of Service (ReDoS)
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +11745 more potentially affected by CVE-2021-28092 via is-svg (>=2.1.0 <=4.2.1)
is-svg NPM version =2.1.0, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.1.8, =1.0.0, =1.0.4 - 4design =0.0.1 and more Source cves: CVE-2021-28092 Source advisory: OSV:GHSA-7R28-3M3F-R2PR...
Regular Expression Denial of Service (ReDoS)
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +11750 more potentially affected by CVE-2021-28092 +1 more via is-svg (>=2.1.0 <=4.2.2)
is-svg NPM version =2.1.0, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.1.8, =1.0.0, =1.0.4 - 4design =0.0.1 and more Source cves: CVE-2021-28092, CVE-2021-29059 Source advisory: SNYK:JS-ISSVG-1243891...
CVE-2021-28092
A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). The highest threat from this vulnerability is to availability...
Regular Expression Denial Of Service (ReDoS)
is-svg is vulnerable to regular expression denial of service. An attacker is able to crash the application via a malicious SVG/XML document due to the usage of an insecure regular expression...