9 matches found
EUVD-2023-1335
Malicious code in bioql PyPI...
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Impact Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be...
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jc97-h3h9-7xh6. This link is maintained to preserve external references. Original Description Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the...
GHSA-XR9W-X6GW-C9MJ Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jc97-h3h9-7xh6. This link is maintained to preserve external references. Original Description Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
Design/Logic Flaw
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
Regular Expression Denial of Service (ReDoS)
Overview deno is an a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/...