Lucene search
+L

132 matches found

RedhatCVE
RedhatCVE
added 2021/09/20 5:46 p.m.27 views

CVE-2021-3795

A flaw was found in the semver-regex library where it could lead to consuming a big amount of resources when executing specific strings. Attackers could take advantage of this by crafting an invalid version causing a disruption or a denial of service DoS...

7.5CVSS6AI score0.01457EPSS
Exploits1References3
Veracode
Veracode
added 2021/09/16 4:0 a.m.18 views

Regular Expression Denial Of Service (ReDoS)

semver-regex is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string to the function semverRegex...

7.5CVSS3.3AI score0.01457EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2021/09/15 5:15 p.m.13 views

CVE-2021-3795

semver-regex is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS0.01457EPSS
Exploits1References2
OSV
OSV
added 2021/09/15 5:15 p.m.18 views

CVE-2021-3795

semver-regex is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2021/09/15 5:15 p.m.14 views

Design/Logic Flaw

semver-regex is vulnerable to Inefficient Regular Expression Complexity...

5CVSS7.5AI score0.01457EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/09/15 4:23 p.m.293 views

CVE-2021-3795

CVE-2021-3795 affects the semver-regex package with Inefficient Regular Expression Complexity, leading to potential DoS. Affected: Carbon project packages (see Affected Products list). Remediation: upgrade to the fixed Carbon release set (e.g., prettier-config-carbon 0.12.0, @carbon/cli 11.31.0, ...

7.5CVSS7.4AI score0.01457EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/09/15 4:23 p.m.32 views

CVE-2021-3795 Inefficient Regular Expression Complexity in sindresorhus/semver-regex

semver-regex is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS7.9AI score0.01457EPSS
Exploits1References2
Huntr
Huntr
added 2021/09/10 12:9 p.m.24 views

Inefficient Regular Expression Complexity in sindresorhus/semver-regex

✍️ Description It allows cause a denial of service when formatting crafted invalid semver versions. 🕵️‍♂️ Proof of Concept // PoC.mjs import semverRegex from 'semver-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = '0.0.0-0' + '.-------'.repeati1 + '@';...

5CVSS4.5AI score0.01457EPSS
Exploits1
GitLab Advisory Database
GitLab Advisory Database
added 2021/06/23 12:0 a.m.29 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...

6.8CVSS0.2AI score0.0103EPSS
Exploits0References5Affected Software1
Ubuntu
Ubuntu
added 2021/03/15 8:51 p.m.37 views

USN-4776-1: semver vulnerability

It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...

7.8CVSS7.4AI score0.06488EPSS
Exploits0
NVD
NVD
added 2021/02/05 10:15 p.m.19 views

CVE-2021-21303

Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...

6.8CVSS0.0103EPSS
Exploits0References3
OSV
OSV
added 2021/02/05 10:15 p.m.29 views

CVE-2021-21303

Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...

6.8CVSS6.5AI score
Exploits0References3
Veracode
Veracode
added 2021/01/08 3:51 a.m.14 views

Regular Expression Denial Of Service (ReDoS)

semver-regex is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string as a version number...

4.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2020/11/22 9:43 a.m.5 views

fabric8-analytics-lsp-server (=0.3.0), graphql-validated-types (>=2.7.0 <=2.11.0) +1 more potentially affected by unknown CVE via semver-regex (>=3.0.0 <=3.1.1)

semver-regex NPM version =3.0.0, =2.7.0, =1.2.0, =1.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-SEMVERREGEX-1047770...

5.8AI score
Exploits0
Snyk
Snyk
added 2020/11/22 9:43 a.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview semver-regex is a Regular expression for matching semver versions Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regex in the semverRegex function. PoC js // import of the vulnerable library const semverRegex =...

4.3CVSS5.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/11/04 12:0 a.m.29 views

Fedora 30 : mingw-libidn2 (2019-d3221d69e0)

Libidn 2.2.0 released 2019-05-23 ================================== - Perform A-Label roundtrip for lookup functions by default - Stricter check of input to punycode decoder - Fix punycode decoding with no ASCII chars but given delimiter - Fix idn2 --no-tr64 was a no-op - Allow as a basic code...

9.8CVSS7.4AI score0.03708EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.22 views

Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8855

Summary Denial of service vulnerability in module semver, used by the npm package management tool Vulnerability Details CVEID: CVE-2015-8855 DESCRIPTION: The Node.js semver module is vulnerable to a denial of service, caused by an error in the regular expression implementation. An attacker could...

7.8CVSS1AI score0.06488EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.27 views

Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs. The "semver" module is vulnerable to regular expression denial of service ReDoS when extremely long version strings...

7.8CVSS0.6AI score0.89058EPSS
Exploits6Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.2 views

GHSA-X6FG-F45M-JF5Q Regular Expression Denial of Service in semver

Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation Update to version 4.3.2 or later...

7.5CVSS7.2AI score0.06488EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.25 views

Regular Expression Denial of Service in semver

Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation Update to version 4.3.2 or later...

7.8CVSS7.1AI score0.06488EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder