EUVD-2024-20838
Malicious code in bioql PyPI...
CVE-2021-33580
User-controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...
CVE-2025-46821 Envoy vulnerable to bypass of RBAC uri_template permission
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the character from the set of valid characters in the URI path. As a result, a URI path containing the character will not match a URI template...
GHSA-78HM-5HJW-58MH ua-parser/uap-php ReDoS vulnerability
A regex expression in ua-parser/uap-php could lead to a ReDoS vulnerability in versions prior to 3.8.0...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability is due to a regex expression which is compiled for every request. This can result in high CPU usage and increased request latency when multiple routes are configured with such matchers...
CVE-2024-23323
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and...
Cross site request forgery (csrf)
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and...
Input validation
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input, for example...
GHSA-F38P-C2GQ-4PMR Regular Expression Denial-of-Service in npm schema-inspector
Impact: Email address validation is vulnerable to a denial-of-service attack where some input, for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`, will freeze the program or web browser page...