Total: 277 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-12041 | 1 Remarkable Project | 1 Remarkable | 2024-08-04 | 7.5 High |
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section. | ||||
CVE-2020-36661 | 1 Konghq | 1 Multipart | 2024-08-04 | 3.5 Low |
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The patch is identified as d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability. | ||||
CVE-2020-36649 | 1 Papaparse | 1 Papaparse | 2024-08-04 | 3.5 Low |
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004. | ||||
CVE-2020-6817 | 1 Mozilla | 1 Bleach | 2024-08-04 | 7.5 High |
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). | ||||
CVE-2020-5243 | 1 Uap-core Project | 1 Uap-core | 2024-08-04 | 5.7 Medium |
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (ReDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3. | ||||
CVE-2020-1920 | 1 Facebook | 1 React-native | 2024-08-04 | 7.5 High |
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1. | ||||
CVE-2021-46823 | 1 Python-ldap | 1 Python-ldap | 2024-08-04 | 6.5 Medium |
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | ||||
CVE-2021-45470 | 1 Circl | 1 Cve-search | 2024-08-04 | 7.5 High |
lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. | ||||
CVE-2021-43843 | 1 Jsx-slack Project | 1 Jsx-slack | 2024-08-04 | 5.3 Medium |
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into a `<blockquote>` tag, _including multibyte characters_, an internal regular expression for escaping characters may consume an excessive amount of computing resources. v4.5.1 passes the test against ASCII characters but misses the case of multibyte characters. jsx-slack v4.5.2 has updated regular expressions for escaping blockquote characters to prevent catastrophic backtracking. It also includes an updated test case to confirm rendering multiple tags in `<blockquote>` with multibyte characters. | ||||
CVE-2021-43838 | 1 Jsx-slack Project | 1 Jsx-slack | 2024-08-04 | 5.3 Medium |
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into a `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched the regex for escaping blockquote characters. Users are advised to upgrade as soon as possible. | ||||
CVE-2021-43805 | 1 Nebulab | 1 Solidus | 2024-08-04 | 7.5 High |
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity. | ||||
CVE-2021-43309 | 1 Litejs | 1 Uri-template-lite | 2024-08-04 | 5.9 Medium |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method. | ||||
CVE-2021-41817 | 6 Debian, Fedoraproject, Opensuse and 3 more | 12 Debian Linux, Fedora, Factory and 9 more | 2024-08-04 | 7.5 High |
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | ||||
CVE-2021-41115 | 1 Zulip | 1 Zulip | 2024-08-04 | 4.3 Medium |
Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS -- this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository). | ||||
CVE-2021-40901 | 1 Scniro-validator Project | 1 Scniro-validator | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | ||||
CVE-2021-40900 | 1 Regexfn Project | 1 Regexfn | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | ||||
CVE-2021-40899 | 1 Repo-git-downloader Project | 1 Repo-git-downloader | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | ||||
CVE-2021-40892 | 1 Validate Color Project | 1 Validate Color | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | ||||
CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | ||||
CVE-2021-40895 | 1 Todo-regex Project | 1 Todo-regex | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. |