OSV
Added 2024/03/06 9:09 p.m., 27 views

CVE-2024-28102 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

JWCrypto implements the JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service by passing in a malicious JWE token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

CVSS 6.8, AI score 5.8, EPSS 0.00381
Exploits: 1, References: 6
Github Security Blog
Added 2024/03/06 8:00 p.m., 69 views

JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

Affected version. Vendor: https://github.com/latchset/jwcrypto. Version: 1.5.5. Description: An attacker can cause a DoS attack by passing in a malicious JWE token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. PoC (python): from...

CVSS 6.8, AI score 6.3, EPSS 0.00381
Exploits: 1, References: 6, Affected software: 1
OSV
Added 2024/03/06 11:11 a.m., 24 views

BIT-MEDIAWIKI-2021-41799

MediaWiki before 1.36.2 allows denial of service (resource consumption) because of lengthy query processing time. ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan...

CVSS 7.5, AI score 7.2, EPSS 0.01215
Exploits: 0, References: 7
Vulnrichment
Added 2024/02/12 8:15 a.m., 14 views

CVE-2023-41706

Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined...

CVSS 6.5, AI score 7, EPSS 0.00217
Exploits: 0, References: 2
Cvelist
Added 2024/02/12 8:15 a.m., 11 views

CVE-2023-41707

Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated...

CVSS 6.5, AI score 6.8, EPSS 0.00217
Exploits: 0, References: 2
OSV
Added 2023/11/03 9:32 a.m., 26 views

GHSA-G8P6-P27C-52FX Eclipse Parsson Denial of Service vulnerability

In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can allow malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...

CVSS 5.9, AI score 6.4, EPSS 0.0015
Exploits: 1, References: 3
OSV
Added 2023/11/03 9:15 a.m., 21 views

CVE-2023-4043

In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can allow malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 2
Vulnrichment
Added 2023/11/03 8:11 a.m., 18 views

CVE-2023-4043 Parsson DoS when parsing numbers from untrusted sources

In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can allow malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...

CVSS 5.9, AI score 7.1, EPSS 0.0015
Exploits: 1, References: 2
Github Security Blog
Added 2023/09/27 8:16 p.m., 54 views

Chaijs/get-func-name vulnerable to ReDoS

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows (js): `const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/;` This vulnerability can be exploited...

CVSS 8.6, AI score 6.9, EPSS 0.01353
Exploits: 1, References: 5, Affected software: 1
Prion
Added 2023/09/27 3:19 p.m., 17 views

Input validation

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVSS 5, AI score 7.4, EPSS 0.01353
Exploits: 1, References: 2, Affected software: 1
Vulnrichment
Added 2023/09/26 6:19 p.m., 13 views

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVSS 8.6, AI score 6.6, EPSS 0.01353
Exploits: 1, References: 2
Debian CVE
Added 2023/09/26 6:19 p.m., 20 views

CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVSS 8.6, AI score 6.3, EPSS 0.01353
Exploits: 1
Cvelist
Added 2023/09/26 6:19 p.m., 24 views

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVSS 8.6, AI score 8.5, EPSS 0.01353
Exploits: 1, References: 2
Veracode
Added 2023/01/19 1:46 a.m., 19 views

Regular Expression Denial Of Service (ReDoS)

globalid is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The vulnerability exists in the model name parsing section of the library, which allows an attacker to significantly slow down processing time by passing a carefully crafted input...

CVSS 7.5, AI score 7.1, EPSS 0.01398
Exploits: 0, References: 4, Affected software: 2
RedhatCVE
Added 2022/12/01 4:26 p.m., 33 views

CVE-2020-7753

A flaw was found in the npm library trim where a specifically crafted input can cause a regular expression to take an abnormal amount of time to compute. All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) DNP via trim...

CVSS 7.5, AI score 4.9, EPSS 0.04015
Exploits: 1, References: 6
OpenVAS
Added 2022/09/24 12:00 a.m., 37 views

Debian: Security Advisory (DSA-5235-1)

The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. ifdescription...

CVSS 7.5, AI score 7.1, EPSS 0.01421
Exploits: 0, References: 4
NVD
Added 2021/10/11 8:15 a.m., 18 views

CVE-2021-41799

MediaWiki before 1.36.2 allows denial of service (resource consumption) because of lengthy query processing time. ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan...

CVSS 7.5, EPSS 0.01215
Exploits: 0, References: 6
Prion
Added 2021/10/11 8:15 a.m., 17 views

Code injection

MediaWiki before 1.36.2 allows denial of service (resource consumption) because of lengthy query processing time. ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan...

CVSS 5, AI score 7.6, EPSS 0.01215
Exploits: 0, References: 6, Affected software: 2
ATTACKERKB
Added 2021/08/18 4:11 p.m., 3 views

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

CVSS 7.5, AI score 5.3, EPSS 0.00574
Exploits: 1, References: 4
Snyk
Added 2021/05/26 2:19 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: ansi-html is an elegant lib that converts chalked ANSI text to HTML. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. PoC...

CVSS 7.5, AI score 6.7, EPSS 0.00574
Exploits: 1, References: 2