12 matches found
GO-2026-4536 Unicode case-folding causes incorrect split_path index in github.com/caddyserver/caddy/v2
Unicode case-folding causes incorrect splitpath index in github.com/caddyserver/caddy/v2...
GHSA-5R3V-VC8M-M96G Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport
Summary Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because strings.ToLower can change UTF-8 byte length for some characters. As a result, Caddy can deri...
SUSE CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
GHSA-HJ48-42VR-X3V9 Regular Expression Denial of Service in path-parse
Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
OESA-2021-1262 nodejs-path-parse security update
Node.js path.parse ponyfill Security Fixes: All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.CVE-2021-23343...