34 matches found
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when including multiple regular expression parameters in a single segment, separated by something that is not a period .. Poor performance will block the event loop and can lead to a DoS. Note:...
SUSE CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
DEBIAN-CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169
The connected advisory GHSA-CG4J-Q9V8-6V38 reports a ReDoS vulnerability in Rails Active Support: NumberToDelimitedConverter uses a gsub! regex for thousands delimiting, potentially causing quadratic time on long digit strings. Affected component: Active Support’s NumberToDelimitedConverter. Impa...
CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
PT-2026-27256
Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The NumberToDelimitedConverter component utilizes a regular expression with gsub! to insert thousands...
EUVD-2024-0187
Malicious code in bioql PyPI...
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the pathLoginAliasLookahead implementation. An attacker can gain unauthorized access and bypass authentication restrictions by leveraging inconsistent case-sensitivity checks. Remediation Upgrad...
Linux Distros Unpatched Vulnerability : CVE-2024-49768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, follow...
Astra Linux - уязвимость в waitress
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
Important: python-waitress
Issue Overview: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more...
Amazon Linux 2023 : python3-waitress (ALAS2023-2024-773)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-773 advisory. Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...