Lucene search
K

105 matches found

Github Security Blog
Github Security Blog
added 2022/08/31 10:23 p.m.27 views

Polynomial regular expression used on uncontrolled data in nitrado.js

Impact Possible ReDoS with lib input of and with many repetitions of | Patches Patched in all versions above 0.2.5 Workarounds No known work arounds. References - OWASP: Regular expression Denial of Service - ReDoS - Wikipedia: ReDoS. - Wikipedia: Time complexity. - James Kirrage, Asiri Rathnayak...

7.5CVSS7.3AI score0.00784EPSS
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2022/06/29 8:12 p.m.23 views

GitHub: DoS via markdown API from unauthenticated user

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the...

4CVSS2.9AI score0.01641EPSS
Exploits0
Cvelist
Cvelist
added 2021/08/24 8:30 p.m.30 views

CVE-2021-32778 Excessive CPU utilization when closing HTTP/2 streams

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has ON^2 complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are...

5.8CVSS7.7AI score0.0123EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/08/10 3:33 p.m.81 views

Regular Expression Denial of Service in path-parse

Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5CVSS5.1AI score0.02218EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2021/06/22 1:14 a.m.18 views

GHSA-257V-VJ4P-3W2H Regular Expression Denial of Service (ReDOS)

In the npm package color-string, there is a ReDos Regular Expression Denial of Service vulnerability regarding an exponential time complexity for linearly increasing input lengths for hwb color strings. Strings reaching more than 5000 characters would see several milliseconds of processing time;...

5.3CVSS5.4AI score0.03134EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2021/06/22 1:14 a.m.54 views

Regular Expression Denial of Service (ReDOS)

In the npm package color-string, there is a ReDos Regular Expression Denial of Service vulnerability regarding an exponential time complexity for linearly increasing input lengths for hwb color strings. Strings reaching more than 5000 characters would see several milliseconds of processing time;...

5.3CVSS2.7AI score0.03134EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2021/06/07 10:11 p.m.20 views

GHSA-Q8PJ-2VQX-8GGC Denial of service in css-what

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7.5AI score0.02267EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2021/05/31 5:27 p.m.27 views

CVE-2021-33587

A flaw was found in nodejs-css-what. The css-what package for Node.js does not ensure that attribute parsing has a Linear Time Complexity relative to the size of the input. The highest threat from this vulnerability is to system availability...

7.5CVSS7.3AI score0.02267EPSS
Exploits0References3
Veracode
Veracode
added 2021/05/31 2:49 a.m.27 views

Denial Of Service (DoS)

css-what is vulnerable to denial of service. The vulnerability exists due to the system not ensuring that the attribute handler has Linear Time Complexity LTC relative to the size of the input causing the system to overload on the resource and crashing the system...

7.5CVSS2.2AI score0.02267EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2021/05/28 8:15 p.m.18 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7.1AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/05/28 8:15 p.m.37 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7.1AI score0.02267EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/05/28 12:0 a.m.33 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.8AI score0.02267EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/05/28 12:0 a.m.30 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7.7AI score0.02267EPSS
Exploits0
NVD
NVD
added 2021/05/04 9:15 a.m.31 views

CVE-2021-23343

All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5CVSS0.02218EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/05/04 8:25 a.m.28 views

CVE-2021-23343 Regular Expression Denial of Service (ReDoS)

All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

5.3CVSS8.7AI score0.02218EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/03/23 5:15 p.m.40 views

CVE-2021-23362

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...

5.3CVSS6.8AI score0.03612EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2021/03/23 4:20 p.m.30 views

CVE-2021-23362

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...

5.3CVSS7.2AI score0.03612EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/03/19 9:22 p.m.60 views

printf vulnerable to Regular Expression Denial of Service (ReDoS)

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string regex /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

7.5CVSS7.3AI score0.02176EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2021/03/12 3:15 p.m.44 views

CVE-2021-23354

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

7.5CVSS0.02176EPSS
Exploits1References3
Prion
Prion
added 2021/03/12 3:15 p.m.20 views

Design/Logic Flaw

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

5CVSS7.5AI score0.02176EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder