2 matches found
GHSA-7QQ7-PVM9-X8RF H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint
A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...
Regular Expression Denial of Service (ReDoS)
Overview: color-string is a parser and generator for CSS color strings. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the hwb regular expression in the cs.get.hwb function in index.js. The affected regular expression exhibits quadratic worst-case...