20 matches found
EUVD-2021-2445
Malware in sbrugna...
EUVD-2022-0618
Malicious code in bioql PyPI...
GHSA-HP68-XHVJ-X6J6 jsx-slack insufficient patch for CVE-2021-43838 ReDoS
We found that the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient to protect against a Regular Expression Denial of Service (ReDoS) attack. This vulnerability affects jsx-slack v4.5.1 and earlier versions. Impact: If an attacker can put a lot of JSX elements into a <blockquote> tag, including multibyte...
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
We found that the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient to protect against a Regular Expression Denial of Service (ReDoS) attack. This vulnerability affects jsx-slack v4.5.1 and earlier versions. Impact: If an attacker can put a lot of JSX elements into a <blockquote> tag, including multibyte...
Regular Expression Denial Of Service (ReDoS)
jsx-slack is vulnerable to regular expression denial of service. The vulnerability exists because blockquote tags are not properly validated, allowing an attacker to cause an application crash...
CVE-2021-43843
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements int...
CVE-2021-43843
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements int...
Design/Logic Flaw
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements int...
CVE-2021-43843
CVE-2021-43843 concerns the jsx-slack package, where the patch for CVE-2021-43838 in v4.5.1 failed to fully protect against a ReDoS caused by multibyte characters in a blockquote. The issue affects jsx-slack’s internal escaping regex, potentially increasing resource usage when many JSX elements a...
CVE-2021-43843 Insufficient patch for Regular Expression Denial of Service (ReDoS) to jsx-slack v4.5.1
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements int...
jsx-slack security vulnerability
jsx-slack builds JSON objects from JSX for the Slack block suite surface. A security vulnerability exists in jsx-slack, which stems from the fact that the CVE-2021-43838 patch is not sufficient to prevent regular expressions in the CNNVD-202112-2019 tag, then regular expressions used internally t...
Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack v4.5.1 and earlier versions are vulnerable to a regular expression denial-of-service (ReDoS) attack. Impact: If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. javascript /...
GHSA-55XV-F85C-248Q Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack v4.5.1 and earlier versions are vulnerable to a regular expression denial-of-service (ReDoS) attack. Impact: If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. javascript /...
CVE-2021-43838
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1, users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping character...
CVE-2021-43838
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1, users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping character...
CVE-2021-43838 Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1, users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for escaping character...
CVE-2021-43838
The vulnerability CVE-2021-43838 affects the jsx-slack package (<= version 4.5.1). An internal regular expression used to escape blockquote content can suffer catastrophic backtracking when encountering multibyte characters inside a <blockquote>, potentially allowing a ReDoS-type resource exhaustion. Conn...
jsx-slack security vulnerability
jsx-slack builds JSON objects from JSX for the Slack block suite surface. A security vulnerability exists in jsx-slack that stems from the software's lack of effective processing and filtering of regular expressions, which makes users susceptible to Regular Expression Denial of Service ReDoS...
PT-2021-23973 · Jsx-Slack · Jsx-Slack
Name of the Vulnerable Software and Affected Versions: jsx-slack versions 4.5.1 and earlier Description: The issue is related to a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into the <blockquote> tag, including multibyte characters, an internal regular...
PT-2021-23969 · Jsx-Slack · Jsx-Slack
Name of the Vulnerable Software and Affected Versions: jsx-slack versions prior to 4.5.1 Description: The issue concerns a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into the <blockquote> tag, an internal regular expression for escaping characters may consu...