132 matches found
CVE-2021-3795
A flaw was found in the semver-regex library where it could lead to consuming a big amount of resources when executing specific strings. Attackers could take advantage of this by crafting an invalid version causing a disruption or a denial of service DoS...
Regular Expression Denial Of Service (ReDoS)
semver-regex is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string to the function semverRegex...
CVE-2021-3795
semver-regex is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3795
semver-regex is vulnerable to Inefficient Regular Expression Complexity...
Design/Logic Flaw
semver-regex is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3795
CVE-2021-3795 affects the semver-regex package with Inefficient Regular Expression Complexity, leading to potential DoS. Affected: Carbon project packages (see Affected Products list). Remediation: upgrade to the fixed Carbon release set (e.g., prettier-config-carbon 0.12.0, @carbon/cli 11.31.0, ...
CVE-2021-3795 Inefficient Regular Expression Complexity in sindresorhus/semver-regex
semver-regex is vulnerable to Inefficient Regular Expression Complexity...
Inefficient Regular Expression Complexity in sindresorhus/semver-regex
✍️ Description It allows cause a denial of service when formatting crafted invalid semver versions. 🕵️♂️ Proof of Concept // PoC.mjs import semverRegex from 'semver-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = '0.0.0-0' + '.-------'.repeati1 + '@';...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...
USN-4776-1: semver vulnerability
It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...
CVE-2021-21303
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...
CVE-2021-21303
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...
Regular Expression Denial Of Service (ReDoS)
semver-regex is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string as a version number...
fabric8-analytics-lsp-server (=0.3.0), graphql-validated-types (>=2.7.0 <=2.11.0) +1 more potentially affected by unknown CVE via semver-regex (>=3.0.0 <=3.1.1)
semver-regex NPM version =3.0.0, =2.7.0, =1.2.0, =1.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-SEMVERREGEX-1047770...
Regular Expression Denial of Service (ReDoS)
Overview semver-regex is a Regular expression for matching semver versions Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regex in the semverRegex function. PoC js // import of the vulnerable library const semverRegex =...
Fedora 30 : mingw-libidn2 (2019-d3221d69e0)
Libidn 2.2.0 released 2019-05-23 ================================== - Perform A-Label roundtrip for lookup functions by default - Stricter check of input to punycode decoder - Fix punycode decoding with no ASCII chars but given delimiter - Fix idn2 --no-tr64 was a no-op - Allow as a basic code...
Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8855
Summary Denial of service vulnerability in module semver, used by the npm package management tool Vulnerability Details CVEID: CVE-2015-8855 DESCRIPTION: The Node.js semver module is vulnerable to a denial of service, caused by an error in the regular expression implementation. An attacker could...
Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855)
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs. The "semver" module is vulnerable to regular expression denial of service ReDoS when extremely long version strings...
GHSA-X6FG-F45M-JF5Q Regular Expression Denial of Service in semver
Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation Update to version 4.3.2 or later...
Regular Expression Denial of Service in semver
Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation Update to version 4.3.2 or later...