Total: 387 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-25758 | 1 Scss-tokenizer Project | 1 Scss-tokenizer | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the use of an insecure regex. |
| CVE-2022-25598 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. |
| CVE-2022-24836 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. |
| CVE-2022-24729 | 4 Ckeditor, Drupal, Fedoraproject and 1 more | 9 Ckeditor, Drupal, Fedora and 6 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. |
| CVE-2022-24713 | 3 Debian, Fedoraproject, Rust-lang | 3 Debian Linux, Fedora, Regex | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and is considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amo ... |
| CVE-2022-23548 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 6.5 MEDIUM | Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. |
| CVE-2022-21681 | 2 Fedoraproject, Marked Project | 2 Fedora, Marked | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasona ... |
| CVE-2022-21680 | 2 Fedoraproject, Marked Project | 2 Fedora, Marked | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set ... |
| CVE-2022-21670 | 1 Markdown-it Project | 1 Markdown-it | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | markdown-it is a Markdown parser. Prior to version 12.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading. |
| CVE-2022-21195 | 1 Url-regex Project | 1 Url-regex | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS), which can exhaust CPU time and hang the calling process. |
| CVE-2022-1954 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers. |
| CVE-2022-1930 | 1 Ethereum | 1 Eth-account | 2024-11-21 | N/A | 5.9 MEDIUM | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package when an attacker is able to supply arbitrary input to the encode_structured_data method. |
| CVE-2022-1929 | 1 Devcert Project | 1 Devcert | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method. |
| CVE-2022-1510 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page, allowing the attacker to cause uncontrolled resource consumption. |
| CVE-2021-4437 | 1 Dbartholomae | 1 Lambda-middleware | 2024-11-21 | 2.7 LOW | 3.5 LOW | A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to ... |
| CVE-2021-4306 | 1 Terminal-kit Project | 1 Terminal-kit | 2024-11-21 | 2.3 LOW | 3.5 LOW | A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620. |
| CVE-2021-4305 | 1 Bridgeline | 1 Robots-txt-guard | 2024-11-21 | 2.3 LOW | 3.5 LOW | A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The name of the patch is c03827cd2f9933619c23894ce7c98401ea824020. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217448. |
| CVE-2021-4299 | 1 String Kit Project | 1 String Kit | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The name of the patch is 9cac4c298ee92c1695b0695951f1488884a7ca73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VD ... |
| CVE-2021-46823 | 1 Python-ldap | 1 Python-ldap | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. |
| CVE-2021-45470 | 1 Circl | 1 Cve-search | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. |
| CVE-2021-43843 | 1 Jsx-slack Project | 1 Jsx-slack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into a `<blockquote>` tag, _including multibyte characters_, an internal regular expression for escaping characters may consume an excessive amount of computing resources. v4.5.1 passes the test against ... |
| CVE-2021-43838 | 1 Jsx-slack Project | 1 Jsx-slack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into a `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 patches the regex for escaping blockquote characters. Users are advised to upgrade as soon as possible. |
| CVE-2021-43805 | 1 Nebulab | 1 Solidus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no long ... |
| CVE-2021-43309 | 1 Litejs | 1 Uri-template-lite | 2024-11-21 | N/A | 5.9 MEDIUM | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method. |
| CVE-2021-43308 | 1 Markdown-link-extractor Project | 1 Markdown-link-extractor | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package when an attacker is able to supply arbitrary input to the module's exported function. |
| CVE-2021-43307 | 1 Semver-regex Project | 1 Semver-regex | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method. |
| CVE-2021-43306 | 1 Jqueryvalidation | 1 Jquery Validation | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to the url2 method. |
| CVE-2021-41817 | 6 Debian, Fedoraproject, Opensuse and 3 more | 9 Debian Linux, Fedora, Factory and 6 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. |
| CVE-2021-41115 | 1 Zulip | 1 Zulip | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial of service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier and sending messages that exploited it. A ... |
| CVE-2021-40901 | 1 Scniro-validator Project | 1 Scniro-validator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. |
| CVE-2021-40900 | 1 Regexfn Project | 1 Regexfn | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. |
| CVE-2021-40899 | 1 Repo-git-downloader Project | 1 Repo-git-downloader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. |
| CVE-2021-40898 | 1 Scaffold-helper Project | 1 Scaffold-helper | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. |
| CVE-2021-40897 | 1 Split-html-to-chars Project | 1 Split-html-to-chars | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid HTML documents. |
| CVE-2021-40896 | 1 That-value Project | 1 That-value | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. |
| CVE-2021-40895 | 1 Todo-regex Project | 1 Todo-regex | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. |
| CVE-2021-40894 | 1 Underscore-99xp Project | 1 Underscore-99xp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. |
| CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. |
| CVE-2021-40892 | 1 Validate Color Project | 1 Validate Color | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. |
| CVE-2021-40660 | 1 Javadelight | 1 Nashorn Sandbox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack. |
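The entries above share one mechanism: a nested or ambiguous quantifier (the `a.a.` fragment in the Solidus entry, marked's `block.def`, the email validators in the CVE-2021-4089x cluster) lets a backtracking engine explore exponentially many ways to match an input that ultimately fails. What follows is an added example, not code from any project in this table. It shows a hypothetical email validator with that defect beside the same check rewritten without the ambiguity, an input-length guard of the kind the Solidus and markdown-it fixes describe, and a timing probe that separates exponential from linear cost. The two patterns, the 254-character limit, the attack-string construction and the sample addresses are all assumptions made for the illustration.

```javascript
// Added example (not code from any project in the table above). Everything
// here is an assumption made for illustration: the two patterns, the length
// limit, the attack-string construction and the sample addresses.

// Nested quantifier: a run of letters can be split across iterations of the
// outer group in 2^(n-1) ways. On a run that is not followed by '@', a
// backtracking engine (V8's, like most) tries every split before failing.
const VULNERABLE_EMAIL = /^([a-z0-9]+\.?)+@[a-z0-9]+(\.[a-z0-9]+)+$/;

// Nearly the same language (it also rejects a dot directly before '@'),
// written so each character has exactly one way to be consumed: one label,
// then zero or more ".label" units. Failure now costs O(n) backtracks of O(1)
// work each instead of an exponential search.
const SAFE_EMAIL = /^[a-z0-9]+(\.[a-z0-9]+)*@[a-z0-9]+(\.[a-z0-9]+)+$/;

// Constructed attack input: a long run the rest of the pattern cannot accept,
// so no match exists and every split has to be explored.
function attackString(n) {
  return 'a'.repeat(n) + '!';
}

// Guard 1: cap the input before any regex sees it. 254 is the usual upper
// bound for an address; it is an assumption here, not a value from the page.
const MAX_EMAIL_LENGTH = 254;

function validateEmail(input, pattern = SAFE_EMAIL) {
  if (typeof input !== 'string' || input.length > MAX_EMAIL_LENGTH) {
    return false;
  }
  return pattern.test(input);
}

// Guard 2 (diagnostic): time a pattern on attack strings of growing length.
// Cost that doubles with each extra character is the fingerprint of
// exponential backtracking; flat cost means the pattern is safe on this input.
function backtrackProfile(pattern, sizes) {
  const profile = {};
  for (const n of sizes) {
    const s = attackString(n);
    const start = process.hrtime.bigint();
    pattern.test(s);
    profile[n] = Number(process.hrtime.bigint() - start) / 1e6; // milliseconds
  }
  return profile;
}

// Sample inputs (constructed) with the verdict a validator should give, used
// to show the rewrite does not change what the validator accepts.
const SAMPLES = [
  ['user@example.com', true],
  ['first.last@mail.example.org', true],
  ['a1.b2.c3@x.io', true],
  ['no-at-sign.example.com', false],
  ['user@localhost', false],
  ['user@@example.com', false],
  ['', false],
];

// Inputs where the two patterns disagree with each other or with the expected
// verdict (expected result: an empty list).
function disagreements(samples) {
  return samples
    .filter(([s, expected]) =>
      VULNERABLE_EMAIL.test(s) !== SAFE_EMAIL.test(s) || SAFE_EMAIL.test(s) !== expected)
    .map(([s]) => s);
}

// Demo. Small sizes keep the vulnerable run well under a second; add a few
// characters to watch it climb into seconds and then minutes.
console.log('vulnerable pattern (ms):', backtrackProfile(VULNERABLE_EMAIL, [12, 14, 16, 18]));
console.log('safe pattern (ms):      ', backtrackProfile(SAFE_EMAIL, [12, 14, 16, 18, 5000]));
console.log('oversized input accepted by guard:', validateEmail(attackString(10000)));
console.log('pattern disagreements:', disagreements(SAMPLES));
```

Run it with Node. The printed cost for the vulnerable pattern roughly doubles with each extra character while the safe pattern stays flat even at 5,000 characters, and the guard rejects the oversized input without the regex ever running. Neither V8 nor most other backtracking engines impose a step budget, which is why the other workaround in the marked entries, running the parser on a worker with a time limit, is the fallback when the pattern itself cannot be changed; the Rust regex crate entry above is the case of an engine that bounds this cost by construction.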