170 matches found
CVE-2023-39174
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...
CVE-2023-39174
JetBrains TeamCity prior to 2023.05.2 is affected by CVE-2023-39174 due to a Regular Expression Denial of Service (ReDoS) flaw introduced by the integration with issue trackers. Documented impact is a potential DoS; no exploitation details are provided. Mitigation per connected sources is to upgr...
CVE-2023-39174
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...
PT-2023-26829 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05.2 Description: A ReDoS attack was possible via integration with issue trackers. This issue allows for a denial-of-service attack by exploiting regular expressions. Recommendations: For versions pri...
OESA-2023-1440 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a...
openSUSE 15 Security Update : python-Django (SUSE-SU-2023:2839-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2839-1 advisory. - CVE-2023-31047: Fixed a potential bypass of validation when uploading multiple files using one form field bsc1210866. - CVE-2023-36053: Fixed...
CVE-2023-36053
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...
CVE-2023-36053
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...
CVE-2023-32758
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
CentOS 8 : nodejs:16 (CESA-2023:1582)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1582 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...
FreeBSD : py39-py -- Regular expression Denial of Service vulnerability (28a37df6-ba1a-4eed-bb64-623fc8e8dfd0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 28a37df6-ba1a-4eed-bb64-623fc8e8dfd0 advisory. - The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expressio...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:0608-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0608-1 advisory. Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
CVE-2023-24807
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...
undici 安全漏洞
undici is an HTTP/1.1 client. A security vulnerability exists in undici versions prior to 5.19.1 that stems from vulnerability to regular expression denial of service ReDoS attacks when passing untrusted values to functions...
SUSE CVE-2022-42969
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...
UBUNTU-CVE-2023-22799
A ReDoS based DoS vulnerability in the GlobalID 1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...
CVE-2023-23925
The CVE-2023-23925 entry concerns the Switcher Client JavaScript SDK (Switcher API). Affects the strategy match operation (EXIST) where unsanitized input is used to build a regular expression, enabling a Regular Expression Denial of Service (ReDoS). Impact is indicated as high; CVSS vectors show ...
PT-2023-18703
Name of the Vulnerable Software and Affected Versions GlobalID versions 0.2.1 through 1.0.0 Rails versions 7.0.0 through 7.0.4 Description A ReDoS based DoS vulnerability in GlobalID could allow an attacker to cause the regular expression engine to take an unexpected amount of time with a careful...
PT-2022-6568
Name of the Vulnerable Software and Affected Versions Python Charmers Future versions 0.18.2 and earlier Description The issue is related to improper input validation when handling the Set-Cookie header, allowing a remote attacker to send a specially crafted HTTP request and perform a denial of...