1738 matches found
CVE-2024-50343 Incorrect response from Validator when input ends with `\n` in symfony/validator
symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacter, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...
CVE-2024-50343
symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacter, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...
CVE-2024-50343
CVE-2024-50343 affects the Symfony PHP framework’s validator component (symfony/validator). An input ending with a newline could bypass validation when using regular expressions configured with the $ metacharacter; Symfony versions 5.4.43, 6.4.11, and 7.1.4 now apply the D modifier to ensure the ...
CVE-2024-50345 Open redirect via browser-sanitized URLs in symfony/http-foundation
symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...
GHSA-G3RH-RRHP-JHH9 Symfony has an incorrect response from Validator when input ends with `\n`
Description: It is possible to trick a Validator configured with a regular expression using the $ metacharacter, with an input ending with \n. Resolution: Symfony now uses the D regex modifier to match the entire input. The patch for this issue is available here for branch 5.4. Credits: We would li...
Symfony has an incorrect response from Validator when input ends with `\n`
Description: It is possible to trick a Validator configured with a regular expression using the $ metacharacter, with an input ending with \n. Resolution: Symfony now uses the D regex modifier to match the entire input. The patch for this issue is available here for branch 5.4. Credits: We would li...
Misinterpretation of Input
Overview: Affected versions of this package are vulnerable to Misinterpretation of Input containing a \n. Several validations expect line ending characters to be matched by $, but a malicious user can bypass those validations to cause invalid input to be treated as valid. Remediation: Upgrade...
Symfony input validation error vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. An input validation error vulnerability exists in Symfony. An attacker could use this vulnerability to spoof a "Validator" configured with a regular expression using the "$"...
GHSA-MJJW-553X-87PQ vulnerabilities
Vulnerabilities for packages: nvidia-gpu-operator-validator, nvidia-container-toolkit...
nope-env (=1.0.0) potentially affected by CVE-2020-26309 via nope-validator (=0.11.3)
nope-validator NPM version =0.11.3 is affected by a known vulnerability. The following packages have a transitive dependency on nope-validator and may be impacted: - nope-env =1.0.0 Source cves: CVE-2020-26309 Source advisory: OSV:GHSA-3PHV-83CJ-P8P7...
GHSA-3PHV-83CJ-P8P7 nope-validator Regular Expression Denial of Service vulnerability
Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is fixed in 0.12.1...
nope-validator Regular Expression Denial of Service vulnerability
Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is fixed in 0.12.1...
CVE-2020-26310 GHSL-2020-305: Regular Expression Denial of Service (ReDoS) in Pure JavaScript HTML5 Parser
Validate.js provides a declarative way of validating JavaScript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available...
CentOS 7 : kpatch-patch (RHSA-2020:5050)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5050 advisory. - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable...
CVE-2024-0132 vulnerabilities
Vulnerabilities for packages: nvidia-gpu-operator-validator, nvidia-container-toolkit...
CVE-2024-46984
The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...
CVE-2024-46984
CVE-2024-46984 affects gematik app-referencevalidator’s referencevalidator Commons profile location routine, which is vulnerable to XML External Entities (XXE) due to insecure Woodstox WstxInputFactory defaults. A malicious XML resource can induce network requests and Server-Side Request Forgery ...
de.gematik.bbriccs:bricks-integration-coverage (=0.1.9), de.gematik.bbriccs:fd-fhir-client-brick (=0.1.9) +18 more potentially affected by CVE-2024-46984 via de.gematik.refv.commons:commons (>=0.1.3 <=2.5.0)
de.gematik.refv.commons:commons MAVEN version =0.1.3, =0.1.9, =0.1.9, =2.1.0, =1.0.0, =0.6.0, =0.3.0, =0.1.3, =0.5.0, =0.5.0, =0.4.1, =0.1.3, =0.3.0 and more Source cves: CVE-2024-46984 Source advisory: OSV:GHSA-68J8-FP38-P48Q...