CVE-2021-46344

There is an Assertion 'flags & PARSERPATTERNHASRESTELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0...

CVE-2021-46344

There is an Assertion 'flags & PARSERPATTERNHASRESTELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0...

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

Security Bulletin: IBM Integrated Analytics System is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Apache Log4j is used by IBM Integrated Analytics System in the Db2 warehouse container as part of its logging infrastructure. The fix includes includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused b...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS which can cause the CPU usage to crash. PoC python 1. Create the following program: import urlregex import re from datetime import datetime def payloadnumberofword: s='' for counter in...

OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

UBUNTU-CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

Apache Log4j SQL注入漏洞

Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...

France Fines Google, Facebook €210 Million Over Privacy Violating Tracking Cookies

The Commission nationale de l'informatique et des libertés CNIL, France's data protection watchdog, has slapped Facebook now Meta Platforms and Google with fines of €150 million $170 million and €60 million $68 million for violating E.U. privacy rules by failing to provide users with an easy opti...

GHSA-566M-QJ78-RWW5 Regular Expression Denial of Service in postcss

The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service ReDoS via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern regex /\s sourceMappingURL=. PoC js var...

GHSA-4HPF-3WQ7-5RPR Regular expression deinal of service (ReDoS) in is-my-json-valid

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...

Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-45046)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

Security Bulletin: Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Desktop

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics Desktop which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

ALPINE-CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in geturlspecparam by freeing memory of compiled pattern spec before bailing...