Lucene search
+L

170 matches found

Veracode
Veracode
added 2024/11/08 10:40 a.m.17 views

Regular Expression Denial Of Service (ReDoS)

Foundation is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to the use of inefficient or poorly optimized regular expressions, allows an attacker for excessive backtracking, which can be exploited in a ReDoS attack to overwhelm the system with resource-intensi...

8.7CVSS7AI score0.00513EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2024/10/15 4:58 p.m.17 views

CVE-2024-9506

A flaw was found in Vue.js. Within the parseHTML function of html-parser.ts, there is a regular expression regex to check for proper closing tags for HTML. However, due to an improperly written regex, when you pass a script containing long text, it will trigger a regular expression denial of...

3.1CVSS6.7AI score0.00507EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/10/08 9:55 p.m.12 views

CVE-2024-25885

A flaw was found in xhtml2pdf’s getcolor function in utils.py. This flaw allows an attacker to trigger a Regular expression Denial of Service ReDOS via specially crafted input...

4.3CVSS7.2AI score0.00636EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/10/08 12:0 a.m.20 views

CVE-2024-25885

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service ReDOS via supplying a crafted string...

0.00636EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/08 12:0 a.m.10 views

CVE-2024-25885

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service ReDOS via supplying a crafted string...

7.4AI score0.00636EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/09/17 1:45 p.m.8 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

3.1CVSS7.2AI score0.01546EPSS
Exploits1References3
OSV
OSV
added 2024/07/23 2:10 p.m.6 views

GHSA-8H55-Q5QQ-P685 (ReDoS) Regular Expression Denial of Service in tf2-item-format

Summary Versions of tf2-item-format since at least 4.2.6 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. Tested Versions - 5.9.13 - 5.8.10 - 5.7.0 - 5.6.17 - 4.3.5 - 4.2.6 v5 Upgrade package to ^5.9.14 v4 No patch exists. Please consult the v...

8.7CVSS7.4AI score0.00766EPSS
Exploits0References5
OSV
OSV
added 2024/06/06 6:9 p.m.8 views

CVE-2024-5552 ReDoS in kubeflow/kubeflow

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service ReDoS attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes th...

7.5CVSS7.1AI score0.00649EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:4 a.m.27 views

BIT-PILLOW-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS ReDoS attack via a crafted PDF file because of a catastrophic backtracking regex...

6.5CVSS7.1AI score0.01635EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:51 a.m.32 views

BIT-DJANGO-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

7.5CVSS7.3AI score0.02978EPSS
Exploits0References10
OSV
OSV
added 2024/02/29 12:15 a.m.3 views

UBUNTU-CVE-2024-25126

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. This vulnerability is patched in 3.0.9.1 and 2.2.8.1...

7.5CVSS6.6AI score0.35376EPSS
Exploits1References6
Prion
Prion
added 2024/02/28 12:15 a.m.50 views

Code injection

Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing...

5CVSS7.1AI score0.00553EPSS
Exploits1References2
CVE
CVE
added 2024/02/28 12:0 a.m.103 views

CVE-2024-1892

CVE-2024-1892 is a ReDoS vulnerability in Scrapy’s XMLFeedSpider class during XML parsing. The issue arises from inefficient regular expressions used in parsing XML content, enabling an attacker to cause a denial-of-service by crafting malicious XML that can exhaust CPU and memory, potentially ma...

7.5CVSS7.3AI score0.00553EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/11/08 2:26 p.m.14 views

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

7.5CVSS6.7AI score0.02278EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/10/15 12:0 a.m.28 views

Fedora 38 : python-asgiref / python-django (2023-cc023fabb7)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-cc023fabb7 advisory. Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053 Tenable has extracted the preceding description block directly from the Fedora...

7.5CVSS6.8AI score0.02978EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.25 views

TeamCity Server < 2023.05.2 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.05.2. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain...

8.8CVSS6.8AI score0.01417EPSS
Exploits0References4
Debian
Debian
added 2023/09/12 1:0 a.m.26 views

[SECURITY] [DLA 3561-1] node-cookiejar security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3561-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 11, 2023 https://wiki.debian.org/LTS -...

7.5CVSS6.3AI score0.01546EPSS
Exploits1
OSV
OSV
added 2023/07/25 3:15 p.m.4 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

7.5CVSS5.8AI score0.01417EPSS
Exploits0References1
NVD
NVD
added 2023/07/25 3:15 p.m.20 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

7.5CVSS5.9AI score0.01417EPSS
Exploits0References1
Prion
Prion
added 2023/07/25 3:15 p.m.30 views

Information disclosure

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

5CVSS7.5AI score0.01417EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder