161 matches found
Google TensorFlow code issue vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow versions prior to 2.6.0. The vulnerability stems from the MLIR optimization of the L2NormalizeReduceAxis operator. An attacker can exploit the vulnerability to cause a...
nodejs-normalize-url: ReDoS for data URLs
A flaw was found in normalize-url, a URL normalization package for Node.js. It has a ReDoS (regular expression denial of service) issue because it has exponential performance for data...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, invoking the method FilenameUtils.normalize with an improper input string, like "//../foo" or "\..\foo", returns the same (unnormalized) value, thus possibly providing access to files in the parent directory, but not further above (hence "limited" path traversal),...
@pixelastic/videogames-helper (>=0.2.2 <=0.2.3), aberlaas (>=1.21.0 <=1.23.0) +6 more potentially affected by CVE-2021-33502 via normalize-url (=6.0.0)
normalize-url NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on normalize-url and may be impacted: - @pixelastic/videogames-helper =0.2.2, =1.21.0, =2.13.0, =2.3.0, =4.0.0, =5.0.0 - pietro =0.6.1 Source cves: CVE-2021-33502 Source...
@cumulus/api-client (=1.19.0), @github1/ajax-service (>=0.4.0 <=0.4.55) +55 more potentially affected by CVE-2021-33502 via normalize-url (>=5.0.0 <=5.3.0)
normalize-url NPM version =5.0.0, =0.4.0, =1.0.1, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =1.0.1, =0.8.7, =0.8.0, =0.8.0, =1.0.1, =0.8.0, =0.8.97 and more Source cves: CVE-2021-33502 Source advisory: OSV:GHSA-PX4H-XG32-Q955...
@github1/ajax-service (>=0.4.0-next.0 <=0.4.44), @github1/react-redux-common-modules (>=0.4.39-next.0 <=0.4.39-next.8) +47 more potentially affected by CVE-2021-33502 via normalize-url (>=4.3.0 <=4.5.0)
normalize-url NPM version =4.3.0, =0.4.0-next.0, =0.4.39-next.0, =5.1.0, =5.7.5 - @plaa/metascraper =5.4.0 - @plaa/metascraper-amazon =5.4.0 - @plaa/metascraper-audio =5.4.0 - @plaa/metascraper-author =5.4.0 - @plaa/metascraper-date =5.4.0 - @plaa/metascraper-description =5.4.0 -...
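The three listings above name packages that only reach normalize-url transitively, which is where the practical question lives: which copies of normalize-url does a given install actually contain, and do any fall in the advisory's ranges? The following Node.js script is an added example, not code from OSV, the advisory, or normalize-url. It walks a package-lock.json (both the lockfileVersion 2/3 "packages" map and the lockfileVersion 1 nested "dependencies" tree), collects every normalize-url entry with its install path, and flags it against the ranges as the CVE text states them (every release before 4.5.1, 5.x before 5.3.1, 6.x before 6.0.1). Note that the OSV listing above gives a narrower lower bound of 4.3.0 for the 4.x line; the function below follows the CVE wording, so it also flags anything older. The lockfile is constructed for the example, the version comparison ignores pre-release tags (a simplification), and versions 7.x and later are treated as outside the advisory's ranges.

```javascript
// Added example (not the advisory's or normalize-url's code): audit a
// package-lock.json for normalize-url copies inside the CVE-2021-33502 ranges.

// Fixed releases per the CVE text; everything below each is affected.
const FIXED_VERSIONS = { 4: '4.5.1', 5: '5.3.1', 6: '6.0.1' };

// Minimal version parsing on the numeric core (major.minor.patch).
// Pre-release tags are ignored here, which is a simplification for this demo.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Ranges as the CVE states them: "before 4.5.1" covers 0.x through 4.5.0,
// then 5.x before 5.3.1 and 6.x before 6.0.1. 7.x and later are not listed.
function isAffectedNormalizeUrl(version) {
  const [major] = parseVersion(version);
  const fixed = major <= 4 ? FIXED_VERSIONS[4] : FIXED_VERSIONS[major];
  if (!fixed) return false;
  return compareVersions(version, fixed) < 0;
}

// Collect every normalize-url entry from a parsed lockfile, with its
// node_modules path so nested (transitive) copies are distinguishable.
function findNormalizeUrl(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys are node_modules paths
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/normalize-url') && meta.version) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'normalize-url' && meta.version) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

function auditLockfile(lockJson) {
  const lock = JSON.parse(lockJson);
  return findNormalizeUrl(lock).map((h) => ({ ...h, affected: isAffectedNormalizeUrl(h.version) }));
}

// Constructed sample lockfile (not from a real project): one top-level copy
// and three nested copies pulled in by other packages.
const SAMPLE_LOCK = JSON.stringify({
  name: 'example-app',
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-app' },
    'node_modules/normalize-url': { version: '6.0.1' },
    'node_modules/metascraper/node_modules/normalize-url': { version: '4.5.0' },
    'node_modules/nodemon/node_modules/normalize-url': { version: '5.3.1' },
    'node_modules/cacheable-request/node_modules/normalize-url': { version: '4.5.1' },
  },
});

for (const hit of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${hit.affected ? 'AFFECTED ' : 'ok       '} ${hit.version.padEnd(8)} ${hit.path}`);
}
```

To run it against a real project, replace SAMPLE_LOCK with `fs.readFileSync('package-lock.json', 'utf8')`. The install path matters: `npm audit fix` or a top-level override only helps if the nested copy is actually deduplicated, so re-run the audit after the fix rather than trusting the top-level version alone.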
GHSA-PX4H-XG32-Q955 ReDoS in normalize-url
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
CVE-2021-33502
A flaw was found in normalize-url, a URL normalization package for Node.js. It has a ReDoS (regular expression denial of service) issue because it has exponential performance for data...
Regular Expression Denial Of Service (ReDoS)
normalize-url is vulnerable to regular expression denial of service. The usage of an insecure regex allows an attacker to cause a denial of service condition via a malicious URL string...
AZL-44850 CVE-2021-33502 affecting package nodejs-nodemon 2.0.3-5
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
DEBIAN-CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
Denial of service
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
UBUNTU-CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
CVE-2021-33502
CVE-2021-33502 affects the normalize-url package for Node.js. Concrete details show a ReDoS issue where data: URLs trigger exponential backtracking, impacting versions before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 (those three releases are the fixed ones). The vulnerability arises from a regex pattern with exponential backtracking in hand...
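The entries above all describe the same mechanism: a regular expression over data: URLs whose backtracking grows with input length. The following Node.js block is an added example, not code from normalize-url or from any of the advisories listed. The first pattern is an illustrative reconstruction of the problem shape (two adjacent, unrestricted lazy wildcards followed by an anchor that can fail), not a quotation of the project's source; the second shows the hardened shape, where each group is bounded by the delimiter that follows it; the third is a regex-free parser that does one indexOf pass and adds an input-size cap. The cap's default and the hostile input are choices made for this example.

```javascript
// Added example (not normalize-url's own code): the pattern shape behind a
// ReDoS on data: URLs, the hardened shape, and a regex-free alternative.

// Illustrative reconstruction of the problem shape (an assumption, not a quote
// of the project). `.` never matches "\n", so a trailing newline makes `$`
// fail, and the engine then retries every way of splitting the input between
// the two `.*?` groups before giving up: time grows superlinearly with length.
const VULNERABLE_DATA_URL_RE = /^data:(.*?),(.*?)(?:#(.*))?$/;

// Hardened shape: the first group cannot cross the `,` and the second cannot
// cross the `#`, so there is one candidate split and backtracking is bounded.
const HARDENED_DATA_URL_RE = /^data:([^,]*?),([^#]*?)(?:#(.*))?$/;

function parseWithRegex(re, urlString) {
  const m = re.exec(urlString);
  return m ? { type: m[1], data: m[2], hash: m[3] } : null;
}

// Index-based parser: a single pass with indexOf, linear in the input length,
// plus a size cap (default chosen for this example) so oversized inputs are
// rejected before any parsing happens.
function parseDataUrl(urlString, maxLength = 65536) {
  if (typeof urlString !== 'string' || urlString.length > maxLength) return null;
  if (!urlString.startsWith('data:')) return null;
  const comma = urlString.indexOf(',', 5);
  if (comma === -1) return null; // a data: URL needs the comma separator
  const type = urlString.slice(5, comma); // media type plus parameters, e.g. text/plain;charset=utf-8
  const hashIdx = urlString.indexOf('#', comma + 1);
  const data = hashIdx === -1 ? urlString.slice(comma + 1) : urlString.slice(comma + 1, hashIdx);
  const hash = hashIdx === -1 ? undefined : urlString.slice(hashIdx + 1);
  return { type, data, hash };
}

// Stand-alone demo: time the three approaches on a constructed hostile input
// (a run of commas with a trailing newline so the anchor fails). n is kept
// small so the script stays quick; raise it to watch the first timing grow.
if (typeof require !== 'undefined' && require.main === module) {
  const hostile = 'data:' + ','.repeat(3000) + '\n';
  const cases = [
    ['vulnerable shape  ', () => parseWithRegex(VULNERABLE_DATA_URL_RE, hostile)],
    ['hardened shape    ', () => parseWithRegex(HARDENED_DATA_URL_RE, hostile)],
    ['index-based parser', () => parseDataUrl(hostile)],
  ];
  for (const [label, fn] of cases) {
    const t0 = process.hrtime.bigint();
    const result = fn();
    const ms = Number(process.hrtime.bigint() - t0) / 1e6;
    console.log(`${label}: ${result === null ? 'no match' : 'parsed'} in ${ms.toFixed(2)} ms`);
  }
}
```

Two things worth noticing when running it. The vulnerable shape does not merely run slowly on the hostile input, it ends up returning no match at all, because `.` cannot consume the newline; the hardened regex and the index parser both accept it and agree on the split, since `[^#]` does match a newline. And the size cap is not a substitute for the bounded pattern: it limits the worst case, but a pattern whose cost is superlinear still burns far more CPU per byte than the parser does within that cap.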