8424 matches found
GHSA-9VMH-WHC4-7PHG OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production. In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]
Summary: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parse_options_header function in multipart.py, which uses a regular expression with an ambiguous alternation that can cause exponential backtracking (ReDoS) when parsing maliciously crafted...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Parser::cleanup function. Symfony\Component\Yaml\Parser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The origina...
Incorrect Regular Expression
Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'...
Regular Expression Denial of Service (ReDoS)
Overview: symfony/json-path eases JSON navigation using the JSONPath syntax as described in RFC 9535. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the match and search filter functions in the JsonPath component. An attacker can cause denia...
Incorrect Regular Expression
Overview: Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'. An attacker can bypass security redirect restrictions by supplying a URL that passes any but...
Astra Linux - Vulnerability in ruby2.5
In the CGI gem before version 0.4.2 for Ruby, there is a Regular Expression Denial of Service (ReDoS) vulnerability in the Util#escapeElement method...
Astra Linux - Vulnerability in node-get-func-name
get-func-name is a module that securely and consistently retrieves the name of a function, both in Node.js and in the browser. Versions prior to 2.0.1 are vulnerable to a denial-of-service attack caused by regular expressions, which can lead to a denial of service when parsing malicious input. Th...
Astra Linux - Vulnerability in rails
The PostgreSQL adapter in Active Record before versions 6.1.2.1, 6.0.3.5, and 5.2.4.5 is vulnerable to a regular expression denial of service (REDoS) vulnerability. Carefully crafted inputs can cause the input validation for the money type in the PostgreSQL adapter in Active Record to spend too muc...
Astra Linux - Vulnerability in node-hosted-git-info
Packages that use hosted-git-info before version 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) attacks due to the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expressions have a polynomial worst-case time complexity...
Astra Linux - Vulnerability in node-ansi-regex
ansi-regex is vulnerable to inefficient regular expression complexity...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Only dirty folio entries are marked when regular files are journaled. fstest generic/388 occasionally causes a crash that appears as follows: BUG: The kernel dereferences a NULL pointer. Address: 0000000000000000 Call Trace:...
Astra Linux - Vulnerability in node-minimatch
A vulnerability was discovered in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when the braceExpand function is called with specific arguments, resulting in a denial of service...
Astra Linux - Vulnerability in python-django
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are vulnerable to a ReDoS (regular expression denial of service) attack due to a very large number of domain name labels for emails and URLs...
Astra Linux - Vulnerability in configobj
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using .+?.. Note: This vulnerability is only exploitable by developers who place the offending values in server-side configuration files...
Astra Linux - Vulnerability in python2.7, pypy
In Python versions 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an HTTP server can perform Regular Expression Denial of Service (ReDoS) attacks against clients due to the use of urllib.request.AbstractBasicAuthHandler, which allows catastrophi...
Astra Linux - Vulnerability in ruby2.5
In the date gem for Ruby, from version 3.2.0 onwards, Date.parse can cause ReDoS (Regular Expression Denial of Service) attacks due to the use of a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files. The read-only THP for file systems will collapse the THP for files that are opened in read-only mode and mapped with VM_EXEC. The intended use case is to avoid TLB misses f...
Astra Linux – Vulnerability in pygments
In pygments 1.1+ and fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of these regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS attacks. By introducing malicious input, an attacker can cause a...
Astra Linux - Vulnerability in pillow
An issue was discovered in Pillow before version 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack through a crafted PDF file due to catastrophic backtracking in the regex...