af-core (>=0.1.0 <=0.1.8), af-lib (=0.1.1) +51 more potentially affected by CVE-2021-1000007 +1 more via parse_duration (>=1.0.3 <=2.1.1)

parseduration CARGO version =1.0.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.6.2, =0.6.2, =0.6.2, =0.1.0, =0.1.0, =0.3.12, =0.1.0, =0.1.0, =0.3.0 and more Source cves: CVE-2021-1000007, CVE-2021-29932 Source advisory: OSV:RUSTSEC-2021-0041...

The vulnerability in the `parse_cookies_header` function of the `utils.rb` module in the Rack web server and web application interface allows a attacker to compromise data integrity.

The vulnerability of the parsecookiesheader function in the utils.rb module of the Rack web server and web application interface is related to the lack of a mechanism for checking input data. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

PT-2021-4098 · Libyang +2 · Libyang +2

Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0.225 Description: The issue is related to a stack overflow in the libyang library, which can cause a denial of service. This occurs due to uncontrolled recursion of the lyxml parse elem function when lyxml parse m...

Regular Expression Denial Of Service (ReDoS)

html-parse-stringify2 is vulnerable to regular express denial of service ReDoS. The vulnerability exists through the regular expression of tagRE where parsing strings with multiple ' and " can consume huge amount of CPU resources...

CVE-2021-23346

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVE-2021-23346

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVE-2021-23346 Regular Expression Denial of Service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVE-2021-23346

CVE-2021-23346 affects Node.js packages html-parse-stringify and html-parse-stringify2. The vulnerability is a Regular Expression DoS (ReDoS) due to backtracking in parsing regex, which can cause the process to freeze and lead to a denial of service. IBM IBM Cloud Pak for Security CP4S versions 1...

CVE-2021-23346

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

html-parse-stringify 安全漏洞

Henrik Joreteg html-parse-stringify is an open source application by Henrik Joreteg. It provides a way to quickly parse HTML into an AST and stringify it to a raw string. A security vulnerability exists in html-parse-stringify before 2.0.1, which stems from the fact that sending certain inputs ma...

Denial of Service (DoS)

Overview github.com/pires/go-proxyproto is a Go library implementation of the PROXY protocol, versions 1 and 2. Affected versions of this package are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It wi...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. Google Android suffers from a security vulnerability that stems from an incorrect boundary check in Parseinsh in easmdls.c, which may write out of range. This could lead to the disclosure ...

4talent-questions-shortlist (=1.3.3), @42.nl/ui (>=1.0.7 <=1.0.9) +625 more potentially affected by CVE-2021-23346 via html-parse-stringify2 (=2.0.1)

html-parse-stringify2 NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on html-parse-stringify2 and may be impacted: - 4talent-questions-shortlist =1.3.3 - @42.nl/ui =1.0.7, =5.0.1, =0.1.0, =1.0.0, =0.2.0-alpha.1, =0.1.2, =0.9.9, =0.9.9,...

Regular Expression Denial of Service (ReDoS)

Overview html-parse-stringify is a https://github.com/henrikjoreteg/html-parse-stringify Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing...

Regular Expression Denial of Service (ReDoS)

Overview html-parse-stringify2 is a This is a fork of html-parse-stringify Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

OSV-2021-446 Global-buffer-overflow in AK::StringView::operator==

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31351 Crash type: Global-buffer-overflow READ 1 Crash state: AK::StringView::operator== Markdown::CodeBlock::parse bool Markdown::helper...

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

DEBIAN-CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...