Lucene search
+L

209 matches found

Huntr
Huntr
added 2025/03/17 4:10 p.m.7 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's dynamic module utilities. The vulnerability exists in the getimports function in dynamicmoduleutils.py, which uses a vulnerable regular expression pattern to filte...

5.3CVSS7.3AI score0.00431EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/03/14 3:56 p.m.15 views

CVE-2025-27789

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

6.2CVSS6.2AI score0.00478EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/03/10 2:46 p.m.2 views

dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling

A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting mXSS via an incorrect template literal regular expression...

6.1CVSS5.8AI score0.00583EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.14 views

Debian dla-4082 : libruby2.7 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4082 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4082-1 [email protected]...

7.5CVSS7AI score0.00784EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/02/14 6:0 p.m.18 views

@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary The regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regular Expression Denial of Service attack. This vulnerability arises due to the unbounded nature of the regex's matching behavior, which can lead to catastrophic...

5.3CVSS6.8AI score0.00754EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/14 12:0 a.m.10 views

PT-2025-7073

Name of the Vulnerable Software and Affected Versions: @octokit/request versions 1.0.0 through 9.2.1 Description: The regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regular Expression Denial of Service attack. This vulnerability...

5.3CVSS5.4AI score0.00754EPSS
Exploits0References15
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 4:37 p.m.14 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-21538

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attack...

8.7CVSS6.3AI score0.00873EPSS
Exploits0Affected Software2
RedhatCVE
RedhatCVE
added 2025/02/05 7:41 a.m.11 views

CVE-2024-41766

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...

7.5CVSS6.8AI score0.00469EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/01/31 12:42 p.m.0 views

Security update for python-pydantic

This update for python-pydantic fixes the following issues: CVE-2024-3772: Fixed Regular expression DoS bsc1222806 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...

5.9CVSS6.1AI score0.00949EPSS
Exploits1References4
OSV
OSV
added 2025/01/31 12:42 p.m.3 views

SUSE-SU-2025:0310-1 Security update for python-pydantic

This update for python-pydantic fixes the following issues: - CVE-2024-3772: Fixed Regular expression DoS bsc1222806...

7.5CVSS7.2AI score0.00949EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/01/30 5:4 p.m.7 views

CVE-2025-0367 Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service ReDoS attack...

6.5CVSS6.5AI score0.00491EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/04 2:37 p.m.32 views

CVE-2024-41766 IBM Engineering Lifecycle Optimization - Publishing denial of service

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...

7.5CVSS0.00469EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 11:11 a.m.18 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to cause a denial of service using a complex regular expression.

Summary Regular expressions are a formal language for identifying strings of text, parsing, and matching them. Most regular expressions engines are built over a non-deterministic Finite Automaton NFA. They use backtracking and, while these regular expression engines can quickly confirm a positive...

7.5CVSS6.5AI score0.00469EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/12/12 12:58 p.m.2 views

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...

8.7CVSS7.3AI score0.01429EPSS
Exploits0References7
Huntr
Huntr
added 2024/12/03 10:12 a.m.16 views

Regular expression Denial of Service - ReDoS

Description A Regular Expression Denial of Service ReDoS vulnerability identified in the Transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issue...

7.5CVSS6.2AI score0.00684EPSS
Exploits0
Snyk
Snyk
added 2024/11/22 3:50 a.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to inefficient cookie parsing that results in quadratic performance. An attacker...

7.5CVSS6.8AI score0.01051EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/10/30 5:7 a.m.8 views

SUSE CVE-2020-26311

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no patches are available...

8.7CVSS7AI score0.00493EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/10/26 12:0 a.m.4 views

Knwl.js 安全漏洞

Knwl.js is a Javascript library from the individual developer Ben Moore that parses dates, times, phone numbers, emails, locations, etc. from text. A security vulnerability exists in Knwl.js version 1.0.2 and earlier versions, which stems from the presence of a regular expression denial of servic...

8.7CVSS6.5AI score0.00435EPSS
Exploits0References2
Snyk
Snyk
added 2024/07/02 4:41 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS6.7AI score0.01996EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.3 views

Async Security Vulnerabilities

Async is a utility module by the individual developer Caolan McMahon in the UK. It is used for working with asynchronous JavaScript. A security vulnerability exists in Async versions 2.6.4 and earlier and 3.2.5 and earlier, which stems from vulnerability to a Regular Expression Denial of Service...

7.5CVSS6.7AI score0.00812EPSS
Exploits0References8
Rows per page
Query Builder