
118 matches found

Veracode
added 2023/01/25 3:43 a.m., 55 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure regex pattern used for the str attribute in the trim function of ua-parser.js, which allows an attacker to crash the application by providing a maliciously crafted string...

7.5 CVSS, 7.3 AI score, 0.01725 EPSS
Exploits: 2, References: 2, Affected Software: 2

Veracode
added 2023/01/11 4:24 a.m., 24 views

Regular Expression Denial Of Service (ReDoS)

terminal-kit is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used in multiple functions of the library, allowing an attacker to crash the application by providing malicious strings such as '^'.repeatbigNumber...

7.5 CVSS, 3.9 AI score, 0.00938 EPSS
Exploits: 0, References: 5, Affected Software: 1

Veracode
added 2022/12/23 8:31 a.m., 75 views

Regular Expression Denial Of Service (ReDoS)

setuptools is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the REL attribute in the findexternallinks function of packageindex.py, allowing an attacker to crash the application by passing a malicious HTML...

5.9 CVSS, 6 AI score, 0.02617 EPSS
Exploits: 1, References: 13, Affected Software: 3

Veracode
added 2022/12/23 5:51 a.m., 69 views

Regular Expression Denial Of Service (ReDoS)

isjs is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for url matching in is.js allowing an attacker to crash the application by providing malicious urls...

7.5 CVSS, 7.2 AI score, 0.00866 EPSS
Exploits: 1, References: 3, Affected Software: 2

Veracode
added 2022/12/15 2:4 a.m., 31 views

Regular Expression Denial Of Service (ReDoS)

rails-html-sanitizer is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the attrnode.value attribute in the scrubattributes function of scrubbers.rb, allowing an attacker to crash the application by providing malicious SVG...

7.5 CVSS, 7.3 AI score, 0.01454 EPSS
Exploits: 0, References: 7, Affected Software: 3

Veracode
added 2022/12/14 6:23 a.m., 45 views

Regular Expression Denial Of Service (ReDoS)

loofah is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the attrnode.value attribute in the scrubattributes function of scrub.rb, allowing an attacker to crash the application by providing malicious SVG attributes...

7.5 CVSS, 7.3 AI score, 0.01686 EPSS
Exploits: 0, References: 6, Affected Software: 3

Veracode
added 2022/10/12 2:12 a.m., 95 views

Regular Expression Denial Of Service (ReDoS)

loader-utils is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the resourcePath variable in interpolateName.js, allowing an attacker to crash the application by providing a malicious input...

7.5 CVSS, 7.3 AI score, 0.0204 EPSS
Exploits: 0, References: 6, Affected Software: 6

Veracode
added 2022/08/25 4:18 a.m., 26 views

Regular Expression Denial Of Service (ReDoS)

uri-template-lite is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the expandRe attribute in index.js, allowing an attacker to crash the application by providing a malicious input through the URI.expand method...

7.5 CVSS, 4.8 AI score, 0.00856 EPSS
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2022/08/23 3:38 a.m., 22 views

Regular Expression Denial Of Service (ReDoS)

eth-account is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the TYPEREGEX attribute in the validatetypesattribute function of validation.py, allowing an attacker to crash the application by providing a malicious input...

7.5 CVSS, 7.1 AI score, 0.0078 EPSS
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2022/07/14 2:58 a.m., 21 views

Regular Expression Denial Of Service (ReDoS)

tapestry-http is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the PATTERN attribute in the ContentType function of ContentType.java, allowing an attacker to cause an application crash through the maliciously crafted conten...

7.5 CVSS, 7.1 AI score, 0.01727 EPSS
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2022/07/07 5:14 a.m., 74 views

Regular Expression Denial Of Service (ReDoS)

moment is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the inefficient regex pattern used in the preprocessRFC2822 function of from-string.js, allowing an attacker to crash the application by providing malicious inputs of more than 10k characters...

7.5 CVSS, 7.4 AI score, 0.03949 EPSS
Exploits: 1, References: 18, Affected Software: 9

Veracode
added 2022/07/04 4:24 a.m., 61 views

Regular Expression Denial Of Service (ReDoS)

scss-tokenizer is vulnerable to regular expression denial of service. The vulnerability exists in the loadAnnotation function of previous-map.js due to the insecure regex pattern used in the match attribute, allowing an attacker to crash the application by providing malicious input...

7.5 CVSS, 7.3 AI score, 0.01949 EPSS
Exploits: 1, References: 1, Affected Software: 1

Veracode
added 2022/06/30 3:16 a.m., 42 views

Authorization Bypass

shiro-core is vulnerable to authorization bypass. The vulnerability exists due to the case-insensitive regex pattern matching used in the matches function of RegExPatternMatcher.java, allowing an attacker to bypass the servlet container when RegExPatternMatcher with . in the regular expression...

9.8 CVSS, 7.2 AI score, 0.25431 EPSS
Exploits: 0, References: 5, Affected Software: 1

ATTACKERKB
added 2022/06/29 12:15 a.m., 3 views

CVE-2022-32532

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

9.8 CVSS, 7.1 AI score, 0.25431 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2022/06/29 12:15 a.m., 3 views

DEBIAN-CVE-2022-32532

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

9.8 CVSS, 8.3 AI score, 0.25431 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2022/06/29 12:15 a.m., 44 views

CVE-2022-32532

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

9.8 CVSS, 7.1 AI score, 0.25431 EPSS
Exploits: 0, References: 2

OSV
added 2022/06/29 12:15 a.m., 4 views

UBUNTU-CVE-2022-32532

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

9.8 CVSS, 7.2 AI score, 0.25431 EPSS
Exploits: 0, References: 3

Veracode
added 2022/06/28 4:20 a.m., 29 views

Regular Expression Denial Of Service (ReDoS)

repo-git-downloader is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used to match repository URLs in the getOptions function of option.js, allowing an attacker to crash the application by downloading maliciously crafted git...

7.5 CVSS, 3.6 AI score, 0.01094 EPSS
Exploits: 1, References: 2, Affected Software: 1

Veracode
added 2022/06/03 5:29 a.m., 24 views

Regular Expression Denial Of Service (ReDoS)

markdown-link-extractor is vulnerable to regular expression denial of service. An attacker can crash the application by providing malicious input to the module.exports function of index.js due to the insecure regex pattern used for the image parameter...

7.5 CVSS, 3.9 AI score, 0.01027 EPSS
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2022/06/03 4:58 a.m., 24 views

Regular Expression Denial Of Service (ReDoS)

devcert is vulnerable to regular expression denial of service. An attacker can crash the application by providing a malicious input to the certificateFor function of index.ts due to the insecure regex pattern used for VALIDIP and VALIDDOMAIN parameters...

7.5 CVSS, 7.2 AI score, 0.006 EPSS
Exploits: 1, References: 4, Affected Software: 1