Lucene search
6714 matches found

Snyk
added 2021/03/01 4:46 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: html-parse-stringify2 is a fork of html-parse-stringify. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

5.3 CVSS · 6.7 AI score · 0.00748 EPSS
Exploits: 1 · References: 2

OSV
added 2021/02/25 12:0 a.m. · 10 views

OSV-2021-446 Global-buffer-overflow in AK::StringView::operator==

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31351
Crash type: Global-buffer-overflow READ 1
Crash state: AK::StringView::operator== Markdown::CodeBlock::parse bool Markdown::helper...

7.2 AI score
Exploits: 0 · References: 1

OSV
added 2021/02/22 12:15 a.m. · 23 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5.3 CVSS · 6.7 AI score
Exploits: 0 · References: 5

OSV
added 2021/02/22 12:15 a.m. · 1 views

DEBIAN-CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5.3 CVSS · 7 AI score · 0.00138 EPSS
Exploits: 1 · References: 1

NVD
added 2021/02/22 12:15 a.m. · 22 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5.3 CVSS · 0.00138 EPSS
Exploits: 1 · References: 5

OSV
added 2021/02/22 12:15 a.m. · 1 views

UBUNTU-CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5.3 CVSS · 6.8 AI score · 0.00138 EPSS
Exploits: 1 · References: 6

UbuntuCve
added 2021/02/22 12:15 a.m. · 26 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5.3 CVSS · 6.8 AI score · 0.00138 EPSS
Exploits: 1 · References: 5

Prion
added 2021/02/22 12:15 a.m. · 23 views

Path traversal

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5 CVSS · 5.3 AI score · 0.00138 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Tenable Nessus
added 2021/02/22 12:0 a.m. · 24 views

EulerOS 2.0 SP2 : ruby (EulerOS-SA-2021-1356)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. (CVE-2019-16161)
- Onigmo through 6.2....

7.5 CVSS · 7.3 AI score · 0.00275 EPSS
Exploits: 2 · References: 4

CNNVD
added 2021/02/21 12:0 a.m. · 2 views

url-parse security vulnerability

Arnout Kazemier url-parse is an application by the individual developer Arnout Kazemier, USA. It provides url parsing. A security vulnerability exists in url-parse before version 1.5.0 that stems from incorrectly handling certain uses of backslashes, such as http: /, and...

5.3 CVSS · 6.8 AI score · 0.00138 EPSS
Exploits: 1 · References: 7

Debian CVE
added 2021/02/21 12:0 a.m. · 28 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5.3 CVSS · 7.3 AI score · 0.00138 EPSS
Exploits: 1

Cvelist
added 2021/02/21 12:0 a.m. · 28 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

7.4 AI score · 0.00138 EPSS
Exploits: 1 · References: 5

CVE
added 2021/02/21 12:0 a.m. · 121 views

CVE-2021-27515

CVE-2021-27515 affects the url-parse library (before 1.5.0), where backslash sequences in the protocol (e.g., http:/ or http:) can cause the parser to treat the URI as a relative path. Public advisories (Debian/Ubuntu) list this alongside other url-parse issues and indicate fixes via package upgr...

5.3 CVSS · 5.4 AI score · 0.00138 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Positive Technologies
added 2021/02/21 12:0 a.m. · 2 views

PT-2021-17488 · Parse-Url +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.0
Description: The issue concerns the mishandling of certain uses of backslash in URLs, such as http:/, which are interpreted as relative paths instead of proper URLs.
Recommendations: For versions prior to...

10 CVSS · 6.3 AI score · 0.01747 EPSS
Exploits: 7 · References: 44

vulnersOsv
added 2021/02/19 3:54 p.m. · 0 views

960.css (=1.0.0), @4site/engrid-styles (>=0.2.19 <=0.2.24) +124 more potentially affected by CVE-2021-23343 via path-parse (>=1.0.5 <=1.0.6)

path-parse NPM version =1.0.5, =0.2.19, =0.1.1, =7.0.0, =0.2.0, =0.17.0, =0.17.0, =0.19.0, =0.17.0, =0.23.0, =0.17.0, =0.17.0, =0.17.1 - @choerodon/issue =0.17.0 and more Source cves: CVE-2021-23343 Source advisory: SNYK:JS-PATHPARSE-1077067...

7.5 CVSS · 6.7 AI score · 0.00506 EPSS
Exploits: 1

Snyk
added 2021/02/19 3:54 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: path-parse is a Node.js path.parse ponyfill. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity. PoC: var pathParse =...

7.5 CVSS · 7.2 AI score · 0.00506 EPSS
Exploits: 1 · References: 2

RedHat Linux
added 2021/02/16 2:28 p.m. · 2 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 7.3 AI score · 0.00291 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2021/02/15 6:28 p.m. · 0 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 7.3 AI score · 0.00291 EPSS
Exploits: 1 · References: 4

OSV
added 2021/02/15 1:15 p.m. · 2 views

AZL-6827 CVE-2021-23336 affecting package python2 for versions less than 2.7.18-8

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

5.9 CVSS · 6.9 AI score · 0.003 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2021/02/15 12:15 p.m. · 1 views

CVE-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

5.9 CVSS · 6.5 AI score · 0.003 EPSS
Exploits: 1 · References: 37