209 matches found
Regular expression Denial of Service - ReDoS
Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's dynamic module utilities. The vulnerability exists in the getimports function in dynamicmoduleutils.py, which uses a vulnerable regular expression pattern to filte...
CVE-2025-27789
Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...
dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling
A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting mXSS via an incorrect template literal regular expression...
Debian dla-4082 : libruby2.7 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4082 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4082-1 [email protected]...
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary The regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regular Expression Denial of Service attack. This vulnerability arises due to the unbounded nature of the regex's matching behavior, which can lead to catastrophic...
PT-2025-7073
Name of the Vulnerable Software and Affected Versions: @octokit/request versions 1.0.0 through 9.2.1 Description: The regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regular Expression Denial of Service attack. This vulnerability...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-21538
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attack...
CVE-2024-41766
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
Security update for python-pydantic
This update for python-pydantic fixes the following issues: CVE-2024-3772: Fixed Regular expression DoS bsc1222806 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...
SUSE-SU-2025:0310-1 Security update for python-pydantic
This update for python-pydantic fixes the following issues: - CVE-2024-3772: Fixed Regular expression DoS bsc1222806...
CVE-2025-0367 Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)
In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service ReDoS attack...
CVE-2024-41766 IBM Engineering Lifecycle Optimization - Publishing denial of service
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to cause a denial of service using a complex regular expression.
Summary Regular expressions are a formal language for identifying strings of text, parsing, and matching them. Most regular expressions engines are built over a non-deterministic Finite Automaton NFA. They use backtracking and, while these regular expression engines can quickly confirm a positive...
rexml: REXML ReDoS vulnerability
A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
Regular expression Denial of Service - ReDoS
Description A Regular Expression Denial of Service ReDoS vulnerability identified in the Transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issue...
Regular Expression Denial of Service (ReDoS)
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to inefficient cookie parsing that results in quadratic performance. An attacker...
SUSE CVE-2020-26311
Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no patches are available...
Knwl.js 安全漏洞
Knwl.js is a Javascript library from the individual developer Ben Moore that parses dates, times, phone numbers, emails, locations, etc. from text. A security vulnerability exists in Knwl.js version 1.0.2 and earlier versions, which stems from the presence of a regular expression denial of servic...
Regular Expression Denial of Service (ReDoS)
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
Async Security Vulnerabilities
Async is a utility module by the individual developer Caolan McMahon in the UK. It is used for working with asynchronous JavaScript. A security vulnerability exists in Async versions 2.6.4 and earlier and 3.2.5 and earlier, which stems from vulnerability to a Regular Expression Denial of Service...