
94 matches found

OSV
added 2024/10/26 9:15 p.m. · 2 views

CVE-2020-26304

Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
Cvelist
added 2024/09/03 12:29 p.m. · 41 views

CVE-2024-6232 Regular-expression DoS when parsing TarFile headers

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

0.02203 EPSS
Exploits 2 · References 10
OSV
added 2024/08/10 7:27 a.m. · 98 views

BIT-GITLAB-2024-3114 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

6.5 CVSS · 5.1 AI score · 0.00462 EPSS
Exploits 0 · References 3
OSV
added 2024/08/08 10:31 a.m. · 9 views

CVE-2024-3114 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

4.3 CVSS · 6.5 AI score · 0.00462 EPSS
Exploits 0 · References 5
Cvelist
added 2024/08/08 10:31 a.m. · 29 views

CVE-2024-3114 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

4.3 CVSS · 0.00462 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/08/08 12:0 a.m. · 28 views

GitLab 11.10 < 17.0.6 / 17.1 < 17.1.4 / 17.2 < 17.2.2 (CVE-2024-3114)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commit...

6.5 CVSS · 5.4 AI score · 0.00462 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/06/03 12:0 a.m. · 28 views

RHEL 9 : gjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) Note that Nessus has not tested for this issue...

8.8 CVSS · 7.7 AI score · 0.09304 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2024/05/11 12:0 a.m. · 25 views

RHEL 8 : nodejs-ssri (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode (CVE-2021-27290) Note that Nessus...

7.3 AI score · 0.0472 EPSS
Exploits 1 · References 1
Cvelist
added 2024/05/09 1:38 a.m. · 32 views

CVE-2023-6688 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server...

6.5 CVSS · 6.3 AI score · 0.00745 EPSS
Exploits 0 · References 2
OSV
added 2024/03/06 11:4 a.m. · 25 views

BIT-PILLOW-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...

6.5 CVSS · 7.1 AI score · 0.01635 EPSS
Exploits 0 · References 3
OSV
added 2023/07/19 3:15 p.m. · 1 views

DEBIAN-CVE-2022-40896

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...

5.5 CVSS · 6.1 AI score · 0.00503 EPSS
Exploits 1 · References 1
OSV
added 2023/07/19 3:15 p.m. · 2 views

UBUNTU-CVE-2022-40896

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...

5.5 CVSS · 6.4 AI score · 0.00503 EPSS
Exploits 1 · References 6
Prion
added 2023/07/13 3:15 a.m. · 25 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...

5 CVSS · 7.2 AI score · 0.00905 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/06/21 8:15 p.m. · 6 views

CVE-2023-33289

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...

7.5 CVSS · 5.8 AI score · 0.01212 EPSS
Exploits 1 · References 4
Cvelist
added 2023/05/04 10:13 p.m. · 30 views

CVE-2023-1894

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.7 AI score · 0.00437 EPSS
Exploits 0 · References 1
Veracode
added 2023/04/10 9:2 a.m. · 23 views

Regular Expression Denial Of Service (ReDoS)

configobj is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex complexity via the validate function, which can lead to a Denial of Service if an attacker is able to control the input being parsed...

5.9 CVSS · 5.7 AI score · 0.01259 EPSS
Exploits 1 · References 5 · Affected Software 1
ATTACKERKB
added 2023/02/09 8:15 p.m. · 5 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5 CVSS · 6.8 AI score · 0.01712 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/01/20 12:0 a.m. · 2 views

PT-2023-1551 · Unknown +2 · Html-Stripscripts +2

Name of the Vulnerable Software and Affected Versions: HTML-StripScripts versions 1.06 and earlier. Description: The issue is related to the hss attval style function in the HTML-StripScripts module, which allows ReDoS (Regular expression Denial of Service) due to catastrophic backtracking when...

7.8 CVSS · 6.7 AI score · 0.01116 EPSS
Exploits 1 · References 33
RubySec
added 2023/01/18 12:0 a.m. · 35 views

ReDoS based DoS vulnerability in Active Support’s underscore

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted string passed to the underscore method ca...

7.5 CVSS · 7.4 AI score · 0.01712 EPSS
Exploits 0 · References 1 · Affected Software 1
Debian
added 2022/12/23 9:0 a.m. · 22 views

[SECURITY] [DLA 3246-1] node-hawk security update

Debian LTS Advisory DLA-3246-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb December 23, 2022 https://wiki.debian.org/LTS -...

7.5 CVSS · 7.5 AI score · 0.01028 EPSS
Exploits 0