8 matches found
EUVD-2022-6538
Malicious code in bioql PyPI...
Regular Expression Denial Of Service (ReDoS)
uri-template-lite is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the expandRe attribute in index.js, allowing an attacker to crash the application by providing a malicious input through the URI.expand method...
GHSA-CHW2-6C7R-37P7 uri-template-lite Regular Expression Denial of Service
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method...
@bluelovers/axios-extend (>=1.0.4 <=1.0.46), @deuex-solutions/redoc (>=2.0.0-rc.23 <=2.0.0-rc.36) +41 more potentially affected by CVE-2021-43309 via uri-template-lite (>=0.1.10 <=22.1.0)
uri-template-lite NPM version =0.1.10, =1.0.4, =2.0.0-rc.23, =1.0.264, =2.0.0-rc.9, =1.0.1, =1.0.18, =1.45.0, =1.0.0, =0.0.1, =3.0.0, =3.2.0, =3.0.0, =8.0.1, =10.1.0-feat-add-kotlin-feign-client-generator-d2015e5f.0 and more Source cves: CVE-2021-43309 Source advisory: OSV:GHSA-CHW2-6C7R-37P7...
Design/Logic Flaw
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method...
CVE-2021-43309 ReDoS in uri-template-lite URI.expand function
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method...
CVE-2021-43309
CVE-2021-43309 affects the uri-template-lite npm package. The root cause is an insecure regular expression (expandRe) in index.js used by URI.expand, enabling exponential ReDoS when attacker-controlled input is supplied. Impact is denial of service affecting availability. Public exploit details a...
PT-2022-11821 · Npm · Uri-Template-Lite
Name of the Vulnerable Software and Affected Versions: uri-template-lite npm package (affected versions not specified). Description: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to t...