60 matches found
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are...
CVE-2024-12579
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service ReDoS in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can...
Regular Expression Denial Of Service (ReDoS)
rexml is vulnerable to a Regular Expression Denial of Service ReDoS vulnerability. The vulnerability is due to inefficient regular expression handling when parsing XML inputs that contain a large number of digits in hex numeric character references &x...;, allows an attacker to craft inputs that...
Mastodon 4.2.x < 4.2.13 Regular Expression Denial of Service
According to its self-reported version number, the version of Mastodon running on the remote host is prior to 4.1.20 or 4.2.x prior to 4.2.12. Therefore, it may be affected by a regular expression denial of service vulnerability. Note that the scanner has not tested for these issues but has inste...
EulerOS 2.0 SP9 : python-configobj (EulerOS-SA-2024-1493)
According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using...
CVE-2023-43646
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
SUSE-SU-2023:2693-1 Security update for python-sqlparse
This update for python-sqlparse fixes the following issues: - CVE-2023-30608: Fixed a regular rexpression that is vulnerable to ReDOS bsc1210617...
MGASA-2023-0183 Updated python-sqlparse packages fix security vulnerability
ReDoS Regular Expression Denial of Service CVE-2023-30608...
PT-2022-8728 · Is.Js · Is.Js
Name of the Vulnerable Software and Affected Versions: is.js versions 0.9.0 and prior Description: is.js is a general-purpose check library that contains one or more regular expressions vulnerable to Regular Expression Denial of Service ReDoS. The library uses a regex to validate URLs, which can...
CVE-2022-39280 Regular expression denial of service in dparse
dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...
Design/Logic Flaw
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
CVE-2022-21222 Regular Expression Denial of Service (ReDoS)
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
Rocky Linux 8 : nodejs:14 (RLSA-2021:3074)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3074 advisory. - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the...
CVE-2021-23446
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service ReDoS in Handsontable.helper.isNumeric function...
CVE-2021-3803
nth-check is vulnerable to Inefficient Regular Expression Complexity...
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
CVE-2021-23354 Regular Expression Denial of Service (ReDoS)
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...
CVE-2015-8388
PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...
CVE-2015-8380
The pcreexec function in pcreexec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...