Lucene search
+L

170 matches found

Github Security Blog
Github Security Blog
added 2022/11/10 12:1 p.m.21 views

cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

7.5CVSS7.3AI score0.00909EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/11/10 12:1 p.m.58 views

GHSA-2P9H-CCW7-33GF cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

5.9CVSS6.4AI score0.00909EPSS
Exploits1References8
FreeBSD
FreeBSD
added 2022/11/10 12:0 a.m.19 views

py-pymatgen -- regular expression denial of service

An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...

7.5CVSS7.5AI score0.00816EPSS
Exploits1References1
NVD
NVD
added 2022/10/16 6:15 a.m.19 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

7.5CVSS0.01546EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2022/10/16 6:15 a.m.38 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

7.5CVSS6.7AI score0.01546EPSS
Exploits1References3
Prion
Prion
added 2022/10/16 6:15 a.m.17 views

Code injection

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...

5CVSS7.4AI score0.01546EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/16 12:0 a.m.5 views

PT-2022-26687

Name of the Vulnerable Software and Affected Versions py versions through 1.11.0 Description The py library allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...

8.7CVSS7.2AI score0.01546EPSS
Exploits1References47
Vulnrichment
Vulnrichment
added 2022/10/16 12:0 a.m.5 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

5.3CVSS7.5AI score0.01546EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/10/16 12:0 a.m.38 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

5.3CVSS7.7AI score0.01546EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/10/16 12:0 a.m.35 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

7.5CVSS6.1AI score0.01546EPSS
Exploits1
OSV
OSV
added 2022/10/16 12:0 a.m.32 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

5.3CVSS5.3AI score0.01546EPSS
Exploits1References6
OSV
OSV
added 2022/09/30 5:15 a.m.2 views

DEBIAN-CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5CVSS7.3AI score0.01462EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/08/31 10:23 p.m.28 views

Polynomial regular expression used on uncontrolled data in nitrado.js

Impact Possible ReDoS with lib input of and with many repetitions of | Patches Patched in all versions above 0.2.5 Workarounds No known work arounds. References - OWASP: Regular expression Denial of Service - ReDoS - Wikipedia: ReDoS. - Wikipedia: Time complexity. - James Kirrage, Asiri Rathnayak...

7.5CVSS7.3AI score0.00784EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.13 views

jquery-validation 安全漏洞

npm jquery-validation is npm's way of providing plug-in validation for your existing forms while making it easy to customize them to fit your application. A security vulnerability exists in jquery-validation versions prior to 1.19.5, which stems from a ReDoS that can be triggered in the...

7.5CVSS7.6AI score0.02026EPSS
Exploits1References6
Veracode
Veracode
added 2022/07/09 9:0 p.m.22 views

Regular Expression Denial Of Service (ReDoS)

py3-mistune is vulnerable to regular expression denial of service. An attacker is able crash the system by injecting a maliciously crafted string into ASTERISKEMPHASIS...

7.5CVSS7.3AI score0.01205EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/25 12:0 a.m.35 views

Duplicate Advisory: ReDoS via crafted JSON input in GJSON

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references. Original Description GJSON = 1.9.2 allows attackers to cause a redos via crafted JSON input...

7.3AI score
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/24 5:40 p.m.22 views

GHSA-JV4C-7JQQ-M34X CKEditor 4 ReDoS Vulnerability

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

6.5CVSS6.6AI score0.01962EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2022/05/20 10:50 p.m.38 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS5.2AI score0.02223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2022/05/06 1:59 a.m.42 views

CVE-2022-29167

A regular expression denial of service ReDoS was found in Hawk in its header parsing functionality. The issue arises from inadequate input validation in the Hawk.utils.parseHost function when processing untrusted input with regular expressions. This flaw allows an attacker to send a specially...

7.5CVSS7.1AI score0.01028EPSS
Exploits0References4
OSV
OSV
added 2022/03/10 5:42 p.m.40 views

CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

6.5CVSS6.6AI score0.04675EPSS
Exploits1References9
Rows per page
Query Builder