Fedora 28 : nodejs-JSV / nodejs-uri-js (2018-373bbbd408)

Update to latest nodejs-uri-js for CVE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Regular Expression Denial Of Service in uri-js

Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse method. Recommendation Update to v3.0.0 or later...

GHSA-333W-RXJ3-F55R Regular Expression Denial Of Service in uri-js

Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse method. Recommendation Update to v3.0.0 or later...

anvil-connect (>=0.1.0 <=0.1.39), anvil-connect-jwt (>=0.1.0 <=0.1.2) +49 more potentially affected by CVE-2017-16021 via uri-js (>=1.4.2 <=2.1.1)

uri-js NPM version =1.4.2, =0.1.0, =0.1.0, =0.1.0, =0.2.12, =1.15.0, =0.1.0, =0.1.2, =0.4.2, =1.0.0, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-16021 Source advisory: OSV:GHSA-333W-RXJ3-F55R...

Fedora 27 : nodejs-JSV / nodejs-uri-js (2018-13e08f4b4a)

Update to latest nodejs-uri-js for CVE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora Update for nodejs-uri-js FEDORA-2018-13e08f4b4a

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 27 Update: nodejs-uri-js-4.2.2-2.fc27

URI.js is an RFC 3986 compliant, scheme extendable URI parsing/validating/resolving library for all JavaScript environments browsers, Node.js, etc...

Fedora Update for nodejs-uri-js FEDORA-2018-373bbbd408

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-16021

uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100%...

CVE-2017-16021

The CVE-2017-16021 issue affects uri-js up to v2.1.1 where a RegExp-based URL validation can cause a Denial of Service (high CPU usage) when processing user input via parse(). Fedora/Nessus/OpenVAS entries reference CVE-2017-16021 and indicate to update to a newer nodejs-uri-js release to fix the...

CVE-2017-16021

uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100%...

PT-2018-6052 · Github · Uri.Js

Name of the Vulnerable Software and Affected Versions: uri-js versions 2.1.1 and earlier Description: The issue arises from a regular expression used by uri-js to validate URLs, which is vulnerable to redos. This vulnerability causes the program to hang and results in 100% CPU usage when attempti...

Regular Expression Denial Of Service (ReDoS)

uri-js is vulnerable to denial of service DoS attacks. These attacks are possible through the regular expression that validates if a URL is validate. There is a flaw in the regular expression which causes the program to hang and the application to consume 100% of the CPU. This is only possible if...

Regular Expression Denial Of Service

Overview Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse method. Recommendation Update to v3.0.0 or later. References - Issue 12 - GitHub Advisory...