6 matches found
Regular Expression Denial Of Service (ReDoS)
sideway/formula is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists in index.js due to regular expression complexity, which allows an attacker to provide crafted strings to formula's parser that might lead to polynomial execution time, causing an application crash...
GHSA-C2JC-4FPR-4VHG @sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Impact: User-provided strings to formula's parser might lead to polynomial execution time. Patches: Users should upgrade to 3.0.1+. Workarounds: None...
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Impact: User-provided strings to formula's parser might lead to polynomial execution time. Patches: Users should upgrade to 3.0.1+. Workarounds: None...
Design/Logic Flaw
formula is a math and string formula parser. In versions prior to 3.0.1, crafted user-provided strings passed to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability...
Inefficient Regular Expression Complexity in chocobozzz/peertube
Description: Hello again, dear Peertube team. I found an inefficient regular expression in that has polynomial execution time, which can lead to ReDoS attacks, and it is better to replace it with another regex or use the Google re2 regex engine for server-side code. Proof of Concept: I create two...
Inefficient Regular Expression Complexity in faisalman/ua-parser-js
Description: Hello my dear, I found another inefficient regular expression in ua-parser-js that has polynomial execution time, not exponential but still dangerous. Proof of Concept: I create two payloads whose execution times you can compare in the provided Regexr links. payload 1...