105 matches found
CVE-2021-23354
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...
PT-2020-18334 · Github +4 · Github Flavored Markdown +4
Name of the Vulnerable Software and Affected Versions: GitHub Flavored Markdown versions prior to 0.29.0.gfm.1 Description: The issue is related to the time complexity of parsing certain markdown tables, which can take On n time. An attacker could craft a markdown table to cause a denial of...
CVE-2020-7212
The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...
GHSA-CMCX-XHR8-3W9P Denial of Service in uap-core when processing crafted User-Agent strings
Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-core to gt;=...
Dropbox: Algorithmic complexity vulnerability in ZXCVBN leads to remote denial of service attack
@davidrenardy discovered that the ZXCVBN algorithm is quadratic in time complexity, which implies that the user can submit an arbitrarily long password to the library, leading to a potential denial of service attack if performed at scale. Given how ZXCVBN is used at Dropbox, we accept the Denial ...