Total: 387 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nltk is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3828 | 1 Nltk | 1 Nltk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nltk is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3822 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
jsoneditor is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3820 | 1 Inflect Project | 1 Inflect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
inflect is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3810 | 1 Coder | 1 Code-server | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
code-server is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3807 | 2 Ansi-regex Project, Oracle | 2 Ansi-regex, Communications Cloud Native Core Policy | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3804 | 1 Taro | 1 Taro | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
taro is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nth-check is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3801 | 1 Prismjs | 1 Prism | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
prism is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3795 | 1 Semver-regex Project | 1 Semver-regex | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
semver-regex is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3777 | 1 Tmpl Project | 1 Tmpl | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3765 | 1 Validator Project | 1 Validator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
validator.js is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3749 | 3 Axios, Oracle, Siemens | 3 Axios, Goldengate, Sinec Ins | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
axios is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-3649 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
chatwoot is vulnerable to Inefficient Regular Expression Complexity
|
|||||
| CVE-2021-39940 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.
|
|||||
| CVE-2021-39933 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack.
|
|||||
| CVE-2021-33502 | 1 Normalize-url Project | 1 Normalize-url | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
|
|||||
| CVE-2021-32848 | 1 Octobox Project | 1 Octobox | 2024-11-21 | N/A | 7.5 HIGH |
|
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.
|
|||||
| CVE-2021-32821 | 1 Mootools | 1 Mootools | 2024-11-21 | N/A | 6.2 MEDIUM |
|
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.
|
|||||
| CVE-2021-28092 | 1 Is-svg Project | 1 Is-svg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
|
|||||
| CVE-2021-27291 | 3 Debian, Fedoraproject, Pygments | 3 Debian Linux, Fedora, Pygments | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
|
|||||
| CVE-2021-26813 | 2 Fedoraproject, Markdown2 Project | 2 Fedora, Markdown2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
|
|||||
| CVE-2021-25292 | 1 Python | 1 Pillow | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
|
|||||
| CVE-2021-23490 | 1 Parse-link-header Project | 1 Parse-link-header | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.
|
|||||
| CVE-2021-23446 | 1 Handsontable | 1 Handsontable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.
|
|||||
| CVE-2021-23382 | 1 Postcss | 1 Postcss | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
|
|||||
| CVE-2021-23364 | 1 Browserslist Project | 1 Browserslist | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
|
|||||
| CVE-2021-23362 | 2 Npmjs, Siemens | 2 Hosted-git-info, Sinec Infrastructure Network Services | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
|
|||||
| CVE-2021-23354 | 1 Adaltas | 1 Printf | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
|
|||||
| CVE-2021-21317 | 1 Uap-core Project | 1 Uap-core | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depe ...
|
|||||
| CVE-2020-5243 | 1 Uap-core Project | 1 Uap-core | 2024-11-21 | 5.0 MEDIUM | 5.7 MEDIUM |
|
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3.
|
|||||
| CVE-2020-36661 | 1 Konghq | 1 Multipart | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The patch is identified as d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2020-36649 | 1 Papaparse | 1 Papaparse | 2024-11-21 | 2.3 LOW | 3.5 LOW |
|
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.
|
|||||
| CVE-2020-26302 | 1 Is.js Project | 1 Is.js | 2024-11-21 | N/A | 7.5 HIGH |
|
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop “forever.” This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue.
|
|||||
| CVE-2020-1920 | 1 Facebook | 1 React-native | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
|
|||||
| CVE-2019-25103 | 1 Khanacademy | 1 Simple-markdown | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch is named 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerabil ...
|
|||||
| CVE-2019-25102 | 1 Khanacademy | 1 Simple-markdown | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609c ...
|
|||||
| CVE-2019-16215 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.
|
|||||
| CVE-2019-12041 | 1 Remarkable Project | 1 Remarkable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.
|
|||||
| CVE-2018-25079 | 1 Segment | 1 Is-url | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this ...
|
|||||