6 matches found
EUVD-2020-0514
Malware in sbrugna...
EUVD-2022-4139
Malicious code in bioql PyPI...
PT-2022-14915 · Url-Regex · Url-Regex
Name of the Vulnerable Software and Affected Versions: url-regex versions all. Description: The issue is related to Regular Expression Denial of Service (ReDoS), which can cause CPU usage to crash. Recommendations: For url-regex version all, consider disabling the use of the url-regex package until ...
08cms (=1.0.0), 0card-images-helper (=1.0.2) +5048 more potentially affected by CVE-2020-7661 via url-regex (>=1.0.4 <=5.0.0)
url-regex NPM version =1.0.4, =1.0.3, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.1 - 3e =1.0.0 and more. Source CVEs: CVE-2020-7661. Source advisory: OSV:GHSA-V4RH-8P82-6H5W...
Denial of service
All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...
Regular Expression Denial of Service (ReDoS)
Overview: url-regex is a package with regular expression for matching URLs. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a very long string in String.test can cause a Denial of Service. PoC by Nick Baugh. For url-regex package:...