6849 matches found
AZL-43849 CVE-2017-20162 affecting package nodejs-nodemon 2.0.3-4
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
AZL-45201 CVE-2017-20162 affecting package nodejs-nodemon 2.0.3-5
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
CVE-2017-20162
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
UBUNTU-CVE-2017-20162
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
CVE-2017-20162 vercel ms index.js parse redos
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
CVE-2017-20162
CVE-2017-20162 affects the Vercel ms package up to 1.x. The vulnerability lies in the parse function of index.js, where manipulating the string argument (str) enables a regular expression denial of service (ReDoS). The issue can be exploited remotely; a public exploit has been disclosed. Remediat...
PT-2023-10614 · Vercel · Vercel Ms
Name of the Vulnerable Software and Affected Versions: vercel ms versions up to 1.x Description: A problematic issue has been found in the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated...
CVE-2022-45213
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL...
Code injection
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL...
perfSONAR security vulnerability
perfSONAR is a widely deployed test and measurement infrastructure used by scientific networks and facilities around the world to monitor and ensure network performance. A security vulnerability exists in perfSONAR versions prior to 4.4.6, which stems from the ability to use the "parse" option on...
GHSA-9C47-M6QQ-7P4H Prototype Pollution in JSON5 via Parse Method
The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the...
Prototype Pollution in JSON5 via Parse Method
The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the...
AZL-12123 CVE-2022-42898 affecting package samba 4.12.5-7
PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...
CVE-2022-46175
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings t...
DEBIAN-CVE-2022-46175
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings t...
CVE-2022-46175
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings t...
PT-2022-7147 · Json5 +4 · Json5 +4
Name of the Vulnerable Software and Affected Versions: json5 versions 1.0.1 and earlier; json5 versions 2.2.1 and earlier. Description: The parse method of the json5 library does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting...
PT-2022-9013 · Unknown · Ewxrjk Sftpserver
Name of the Vulnerable Software and Affected Versions: ewxrjk sftpserver (affected versions not specified). Description: A vulnerability was found in the ewxrjk sftpserver, affecting the function sftp_parse_path of the file parse.c. The manipulation leads to an uninitialized pointer. The real...
Green End SFTP Server security vulnerability
Green End SFTP Server is an SFTP server supporting protocol version 6 by Richard Kettlewell, an individual developer. A security vulnerability exists in Green End SFTP Server that stems from an uninitialized pointer due to the sftp_parse_path function in its parse.c file...