3 matches found
GHSA-C4RQ-3M3G-8WGX Nokogiri CSS selector tokenizer has regular expression backtracking
Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...
PT-2026-30852
Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.29.1 and earlier Description Gotenberg uses the dlclark/regexp2 library to compile user-supplied scope patterns without a timeout. This allows users with access to features utilizing this logic to potentially hang workers...
Regular Expression Denial of Service (ReDoS)
Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the underscore function in inflector/methods.rb. This affects Stringunderscore,...