7 matches found
LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
Summary: The built-in `strip_html` filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many |||/g, '' The regex contains four lazy patterns: 1. 2. 3. 4. For an input like 'script'.repeatN, the engine encounters N starting positions. At each one it mus...
CVE-2026-4926
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
PT-2022-7152 · Python Packaging Authority +7 · Wheel +7
Name of the Vulnerable Software and Affected Versions: Python Packaging Authority (PyPA) Wheel versions 0.37.1 and earlier Description: The issue is related to uncontrolled resource consumption in the Python Packaging Authority (PyPA) Wheel, which can be exploited by a remote attacker to cause a...
UBUNTU-CVE-2021-39938
A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...
python-jinja2: ReDoS vulnerability in the urlize filter
A flaw was found in python-jinja2. The ReDoS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...
Regular Expression Denial of Service (ReDoS)
Overview: printf is a complete implementation of the printf C functions family for Node.JS, written in pure JavaScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /%?:\w.+|1-9\d$?0...
GHSA-HQ37-853P-G5CF Regular Expression Denial of Service in CairoSVG
Doyensec Vulnerability Advisory: Regular Expression Denial of Service (REDoS) in cairosvg Affected Product: CairoSVG v2.0.0+ Vendor: https://github.com/Kozea Severity: Medium Vulnerability Class: Denial of Service Authors: Ben Caller (Doyensec) Summary When processing SVG files, the python package...