118 matches found
MetaMask: Missing ^ Line Beginner Leads to Origin Spoofing
The vulnerability was identified in MetaMask's regex-based origin validation for endowments. Due to a missing caret ^ anchor at the beginning of the regex pattern, origin spoofing was possible. This oversight allowed malicious domains to be treated as trusted, bypassing intended security...
Fedora: Security Advisory for rust-ripgrep (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the...
Fedora: Security Advisory for rust-ripgrep (FEDORA-2024-ce2936b568)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: rust-ripgrep-14.1.0-3.fc40
Ripgrep is a line-oriented search tool that recursively searches the current directory for a regex pattern while respecting gitignore rules. ripgrep has first class support on Windows, macOS and Linux...
BIT-GITLAB-2021-39938
A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...
Regular Expression Denial Of Service (ReDoS)
rack is vulnerable to a Denial Of Service. This vulnerability is due to the handling of content type parsing, which utilizes a regex pattern with inefficient complexity and allows attackers to launch DoS attacks...
Regular Expression Denial Of Service (ReDoS)
gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability arises from insecure regex patterns used in the library, enabling an attacker to crash the application by sending maliciously crafted payloads that use ProjectReferenceFilter to the previewmarkdown endpoint...
PT-2023-36053 · Oracle · Java.Base
Name of the Vulnerable Software and Affected Versions: java.base (affected versions not specified). Description: A security exception occurs due to a crash in the java.base module, specifically in the java.util.regex.Pattern class. The crash involves the GroupHead.match, Loop.match, and...
Pinkerton - An JavaScript File Crawler And Secret Finder Developed In Python
Pinkerton is a Python tool created to crawl JavaScript files and search for secrets. Installing / Getting started: A quick guide of how to install and use Pinkerton. 1. Clone the repository with: git clone https://github.com/oppsec/pinkerton.git 2. Install the libraries with: pip3 install -r...
Regular Expression Denial Of Service (ReDoS)
gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the insecure Regex pattern used in the DollarMathPostFilter, which allows an attacker to crash the application by sending maliciously crafted payloads to the previewmarkdown endpoint...
Regular Expression Denial Of Service (ReDoS)
gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the insecure Regex pattern used in the library, which allows an attacker to crash the application by sending maliciously crafted payloads to the previewmarkdown endpoint...
PT-2023-35925 · Oracle · Java.Base
Name of the Vulnerable Software and Affected Versions: java.base (affected versions not specified). Description: A security exception crash has been reported in java.base. The crash occurs in the java.util.regex.Pattern class, specifically in the Loop.match, GroupTail.match, and BranchConn.match...
PT-2023-35926 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java (affected versions not specified). Description: The issue is related to a security exception in the Java java.util.regex package, specifically in the Pattern$GroupTail.match function. The crash occurs when the BufferedWriter attempts to wri...
Regular Expression Denial Of Service (ReDoS)
uri is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to inefficient Regex pattern complexity used in rfc2396parser.rb and rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI patterns. NOTE: This issue...
Regular Expression Denial Of Service (ReDoS)
uri is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the insecure Regex pattern used for the RFC3986URI and RFC3986relativeref parameters in the rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI...
Regular Expression Denial Of Service (ReDoS)
time is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the insecure Regex pattern used in the rfc2822 function of time.rb, which allows an attacker to crash the application by providing an invalid time...
Regular Expression Denial Of Service (ReDoS)
undici is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure Regex pattern used in the headerValueNormalize function in headers.js, which allows an attacker to crash the application by providing a malicious input...
SUSE CVE-2007-4768
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...
SUSE CVE-2016-3191
The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...
Regular Expression Denial Of Service (ReDoS)
simple-markdown is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure Regex pattern used for the match attribute in the autolink object in simple-markdown.js, which allows an attacker to crash the application by providing a maliciously crafted...