Total: 277 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-40894 | 1 Underscore-99xp Project | 1 Underscore-99xp | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. | ||||
CVE-2021-40896 | 1 That-value Project | 1 That-value | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | ||||
CVE-2021-40897 | 1 Split-html-to-chars Project | 1 Split-html-to-chars | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid HTML. | ||||
CVE-2021-40898 | 1 Scaffold-helper Project | 1 Scaffold-helper | 2024-08-04 | 7.5 High |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | ||||
CVE-2021-40660 | 1 Javadelight | 1 Nashorn Sandbox | 2024-08-04 | 7.5 High |
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack. | ||||
CVE-2021-39940 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. | ||||
CVE-2021-39933 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | ||||
CVE-2021-35065 | 2 Gulpjs, Redhat | 8 Glob-parent, Enterprise Linux, Logging and 5 more | 2024-08-04 | 7.5 High |
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression. | ||||
CVE-2021-33502 | 2 Normalize-url Project, Redhat | 6 Normalize-url, Acm, Enterprise Linux and 3 more | 2024-08-03 | 7.5 High |
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | ||||
CVE-2021-32848 | 1 Octobox Project | 1 Octobox | 2024-08-03 | 7.5 High |
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807. | ||||
CVE-2021-32837 | 1 Mechanize Project | 1 Mechanize | 2024-08-03 | 7.5 High |
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue. | ||||
CVE-2021-32821 | 1 Mootools | 1 Mootools | 2024-08-03 | 6.2 Medium |
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue. | ||||
CVE-2021-28092 | 2 Is-svg Project, Redhat | 3 Is-svg, Acm, Openshift | 2024-08-03 | 7.5 High |
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | ||||
CVE-2021-27291 | 4 Debian, Fedoraproject, Pygments and 1 more | 6 Debian Linux, Fedora, Pygments and 3 more | 2024-08-03 | 7.5 High |
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | ||||
CVE-2021-26813 | 2 Fedoraproject, Markdown2 Project | 2 Fedora, Markdown2 | 2024-08-03 | 7.5 High |
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. | ||||
CVE-2021-25292 | 2 Python, Redhat | 3 Pillow, Enterprise Linux, Quay | 2024-08-03 | 6.5 Medium |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | ||||
CVE-2021-21317 | 1 Uap-core Project | 1 Uap-core | 2024-08-03 | 5.3 Medium |
uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (ReDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc., which depend upon uap-core, follow different version schemes. | ||||
CVE-2021-4305 | 1 Bridgeline | 1 Robots-txt-guard | 2024-08-03 | 3.5 Low |
A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The name of the patch is c03827cd2f9933619c23894ce7c98401ea824020. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217448. | ||||
CVE-2021-4299 | 1 String Kit Project | 1 String Kit | 2024-08-03 | 4.3 Medium |
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The name of the patch is 9cac4c298ee92c1695b0695951f1488884a7ca73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217180. | ||||
CVE-2021-4306 | 1 Terminal-kit Project | 1 Terminal-kit | 2024-08-03 | 3.5 Low |
A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620. |