Search
Total
71 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31606 | 1 Promptworks | 1 Redcloth | 2024-01-10 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
| CVE-2023-29487 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-01-04 | N/A | 9.1 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. | |||||
| CVE-2023-29486 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. | |||||
| CVE-2023-50249 | 1 Sentry | 1 Astro | 2023-12-28 | N/A | 7.5 HIGH |
| Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. | |||||
| CVE-2022-30122 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2023-12-20 | N/A | 7.5 HIGH |
| A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | |||||
| CVE-2023-48631 | 1 Adobe | 1 Css-tools | 2023-12-18 | N/A | 7.5 HIGH |
| @adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. | |||||
| CVE-2022-44571 | 1 Rack Project | 1 Rack | 2023-12-08 | N/A | 7.5 HIGH |
| There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted. | |||||
| CVE-2022-44572 | 1 Rack Project | 1 Rack | 2023-12-08 | N/A | 7.5 HIGH |
| A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. | |||||
| CVE-2022-44570 | 1 Rack Project | 1 Rack | 2023-12-08 | N/A | 7.5 HIGH |
| A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. | |||||
| CVE-2023-46402 | 1 Git-urls Project | 1 Git-urls | 2023-11-28 | N/A | 7.5 HIGH |
| git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go. | |||||
| CVE-2023-36053 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2023-11-15 | N/A | 7.5 HIGH |
| In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | |||||
| CVE-2023-26115 | 1 Word-wrap Project | 1 Word-wrap | 2023-08-24 | N/A | 7.5 HIGH |
| All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. | |||||
| CVE-2023-3446 | 1 Openssl | 1 Openssl | 2023-08-16 | N/A | 5.3 MEDIUM |
| Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | |||||
| CVE-2022-42124 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-08-08 | N/A | 7.5 HIGH |
| ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype. | |||||
| CVE-2022-37620 | 1 Html-minifier Project | 1 Html-minifier | 2023-08-08 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. | |||||
| CVE-2022-25918 | 1 Shescape Project | 1 Shescape | 2023-08-08 | N/A | 7.5 HIGH |
| The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. | |||||
| CVE-2022-2908 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 4.3 MEDIUM |
| A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. | |||||
| CVE-2022-37603 | 1 Webpack.js | 1 Loader-utils | 2023-08-08 | N/A | 7.5 HIGH |
| A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. | |||||
| CVE-2022-37599 | 1 Webpack.js | 1 Loader-utils | 2023-08-08 | N/A | 7.5 HIGH |
| A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. | |||||
| CVE-2022-24373 | 1 Swmansion | 1 React Native Reanimated | 2023-08-08 | N/A | 7.5 HIGH |
| The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. | |||||
| CVE-2022-21222 | 1 Css-what Project | 1 Css-what | 2023-08-08 | N/A | 7.5 HIGH |
| The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | |||||
| CVE-2022-37259 | 1 Stealjs | 1 Steal | 2023-08-08 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. | |||||
| CVE-2022-37260 | 1 Stealjs | 1 Steal | 2023-08-08 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. | |||||
| CVE-2022-37262 | 1 Stealjs | 1 Steal | 2023-08-08 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. | |||||
| CVE-2022-40023 | 2 Debian, Sqlalchemy | 2 Debian Linux, Mako | 2023-08-08 | N/A | 7.5 HIGH |
| Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | |||||
| CVE-2022-25887 | 1 Apostrophecms | 1 Sanitize-html | 2023-08-08 | N/A | 7.5 HIGH |
| The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. | |||||
| CVE-2022-34749 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2023-08-08 | N/A | 7.5 HIGH |
| In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | |||||
| CVE-2022-25858 | 1 Terser | 1 Terser | 2023-08-08 | N/A | 7.5 HIGH |
| The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions. | |||||
| CVE-2021-40900 | 1 Regexfn Project | 1 Regexfn | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | |||||
| CVE-2021-40899 | 1 Repo-git-downloader Project | 1 Repo-git-downloader | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | |||||
| CVE-2021-40898 | 1 Scaffold-helper Project | 1 Scaffold-helper | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | |||||
| CVE-2021-40895 | 1 Todo-regex Project | 1 Todo-regex | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. | |||||
| CVE-2021-40660 | 1 Javadelight | 1 Nashorn Sandbox | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack. | |||||
| CVE-2022-21195 | 1 Url-regex Project | 1 Url-regex | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash. | |||||
| CVE-2021-46823 | 1 Python-ldap | 1 Python-ldap | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | |||||
| CVE-2021-45470 | 1 Circl | 1 Cve-search | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. | |||||
| CVE-2021-39933 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | |||||
| CVE-2021-23382 | 1 Postcss | 1 Postcss | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). | |||||
| CVE-2021-25292 | 1 Python | 1 Pillow | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | |||||
| CVE-2021-28092 | 1 Is-svg Project | 1 Is-svg | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | |||||
| CVE-2021-40892 | 1 Validate Color Project | 1 Validate Color | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | |||||
| CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | |||||
| CVE-2021-40897 | 1 Split-html-to-chars Project | 1 Split-html-to-chars | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | |||||
| CVE-2021-40896 | 1 That-value Project | 1 That-value | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | |||||
| CVE-2021-40901 | 1 Scniro-validator Project | 1 Scniro-validator | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | |||||
| CVE-2021-40894 | 1 Underscore-99xp Project | 1 Underscore-99xp | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. | |||||
| CVE-2022-25758 | 1 Scss-tokenizer Project | 1 Scss-tokenizer | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. | |||||
| CVE-2022-1954 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers | |||||
| CVE-2021-42248 | 1 Gjson Project | 1 Gjson | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input. | |||||
| CVE-2021-23354 | 1 Adaltas | 1 Printf | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. | |||||