15 matches found
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
Regular Expression Denial of Service (ReDoS)
Overview fast-jwt is a Fast JSON Web Token implementation Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options when used with RegExp objects and RegExp is configured with nest...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
Regular Expression Denial of Service (ReDoS)
Overview addressable is an is an alternative implementation to the URI implementation that is part of Ruby's standard library. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the URI template matching due to the use of regular expressions with...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
Regular Expression Denial Of Service (ReDoS)
@modelcontextprotocol/sdk is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficiently constructed regular expressions with nested quantifiers in the UriTemplate class, which allows an attacker to supply a crafted URI that triggers catastrophic backtracki...
CVE-2025-68475
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
Fedify has ReDoS Vulnerability in HTML Parsing Regex
Hi Fedify team! π Thank you for your work on Fedifyβit's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service ReDoS vulnerability that I'd like to report. I hope this helps improve the project's security. ---...
CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
perl: heap-based buffer overflow in regular expression compiler leads to DoS
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...
perl: heap-based buffer overflow in regular expression compiler leads to DoS
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...
perl: heap-based buffer overflow in regular expression compiler leads to DoS
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...
perl: heap-based buffer overflow in regular expression compiler leads to DoS
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...