CVE-2026-35041
fast-jwt provides a fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...
Security Bulletin: Vulnerabilities in path-to-regexp affect IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary A potential vulnerability in path-to-regexp has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2024-52798 DESCRIPTION:...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable due to path-to-regexp (CVE-2024-45296).
Summary IBM Sterling External Authentication Server uses the npm package path-to-regexp, which is vulnerable to CVE-2024-45296. Vulnerability Details CVEID: CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz, which is vulnerable to CVE-2024-45296 and CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2024-45296 DESCRIPTION:...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to path-to-regexp (CVE-2024-52798)
Summary path-to-regexp is vulnerable to a backtracking attack (CVE-2024-52798). This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID: CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a...
The vulnerability in the RegExp component of Mozilla Firefox, Firefox ESR, and the email clients Thunderbird and Thunderbird ESR allows an attacker to execute arbitrary code.
The vulnerability in the RegExp component of Mozilla Firefox, Firefox ESR, and the email clients Thunderbird and Thunderbird ESR is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-0.1.10.tgz CVE-2024-52798
Summary IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.10.tgz, which is vulnerable to CVE-2024-52798. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular...
path-to-regexp contains a ReDoS
Impact A regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, as originally reported in CVE-2024-45296. Patches Upgrade to 0.1.12. Workarounds Avoid using two parameters within a single path segment when the separator is not `.`, e.g. no...
find-my-way has a ReDoS vulnerability in multiparametric routes
Impact A bad regular expression is generated any time you have two parameters within a single segment when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1, or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...
GHSA-G6HG-4V3C-6JQ7 Apache IoTDB subject to ReDoS with Java 8
Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through 0.13.2, are vulnerable to a denial-of-service attack when accepting untrusted patterns for REGEXP queries with Java 8. This issue is patched in 0.13.3. Users should upgrade, or use a later version of Java, to avoid it...
CVE-2018-11419
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c...
Artifex MuJS 'regexp.c' Integer Overflow Vulnerability
Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, which is embedded into other software to provide script execution capabilities. An integer overflow vulnerability exists in the js_regcomp function of the regexp.c file in Artifex Software MuJS. An...
A vulnerability in the Flash Player software allows an attacker to execute arbitrary code
The vulnerability in the RegExp class arises from a violation of the buffer's lower boundary. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
A vulnerability in the Flash Player software allows an attacker to execute arbitrary code
The vulnerability in the RegExp class of the Flash Player software platform arises from a violation of the buffer's lower limit. Exploiting this vulnerability allows a remote attacker to execute arbitrary code upon installing a plugin...
flash-plugin: multiple code execution issues fixed in APSB16-39
Adobe Flash Player versions 23.0.0.207 and earlier, and 11.2.202.644 and earlier, have an exploitable buffer overflow/underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution...
Cisco IOS Show IP BGP Regexp Remote Denial of Service Vulnerability
Cisco IOS is a popular network operating system. Cisco IOS does not correctly handle certain CLI commands; a remote attacker can exploit this vulnerability to carry out a denial-of-service attack against the system, which can cause the device to restart. The problem lies in the handling of the "show ip bgp regexp" command: if certain regular expressions are submitted as the argument and the command is executed, the result can cause the router to reboot or to rebuild the BGP routing table. Repeated successful exploitation of this issue can leave the router repeatedly unavailable. Cisco IOS XR 3.4.1 Cisco IOS XR 3.4 Cisco IOS XR 3.3.4 Cisco IOS XR 3.3.3 Cisco IOS XR 3.3.2 Cisco IOS XR 3.3.1 Cisco IOS X...