105 matches found
Polynomial regular expression used on uncontrolled data in nitrado.js
Impact Possible ReDoS with lib input of and with many repetitions of | Patches Patched in all versions above 0.2.5 Workarounds No known work arounds. References - OWASP: Regular expression Denial of Service - ReDoS - Wikipedia: ReDoS. - Wikipedia: Time complexity. - James Kirrage, Asiri Rathnayak...
GitHub: DoS via markdown API from unauthenticated user
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the...
CVE-2021-32778 Excessive CPU utilization when closing HTTP/2 streams
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has ON^2 complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are...
Regular Expression Denial of Service in path-parse
Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
GHSA-257V-VJ4P-3W2H Regular Expression Denial of Service (ReDOS)
In the npm package color-string, there is a ReDos Regular Expression Denial of Service vulnerability regarding an exponential time complexity for linearly increasing input lengths for hwb color strings. Strings reaching more than 5000 characters would see several milliseconds of processing time;...
Regular Expression Denial of Service (ReDOS)
In the npm package color-string, there is a ReDos Regular Expression Denial of Service vulnerability regarding an exponential time complexity for linearly increasing input lengths for hwb color strings. Strings reaching more than 5000 characters would see several milliseconds of processing time;...
GHSA-Q8PJ-2VQX-8GGC Denial of service in css-what
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
CVE-2021-33587
A flaw was found in nodejs-css-what. The css-what package for Node.js does not ensure that attribute parsing has a Linear Time Complexity relative to the size of the input. The highest threat from this vulnerability is to system availability...
Denial Of Service (DoS)
css-what is vulnerable to denial of service. The vulnerability exists due to the system not ensuring that the attribute handler has Linear Time Complexity LTC relative to the size of the input causing the system to overload on the resource and crashing the system...
CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
CVE-2021-23343
All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
CVE-2021-23343 Regular Expression Denial of Service (ReDoS)
All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
CVE-2021-23362
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
CVE-2021-23362
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
printf vulnerable to Regular Expression Denial of Service (ReDoS)
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string regex /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...
CVE-2021-23354
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...
Design/Logic Flaw
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...