Total
282 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40901 | 1 Scniro-validator Project | 1 Scniro-validator | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | |||||
| CVE-2021-46823 | 1 Python-ldap | 1 Python-ldap | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | |||||
| CVE-2021-40896 | 1 That-value Project | 1 That-value | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | |||||
| CVE-2021-40898 | 1 Scaffold-helper Project | 1 Scaffold-helper | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | |||||
| CVE-2021-40900 | 1 Regexfn Project | 1 Regexfn | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | |||||
| CVE-2022-42124 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-08-08 | N/A | 7.5 HIGH |
| ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype. | |||||
| CVE-2021-39933 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | |||||
| CVE-2021-33502 | 1 Normalize-url Project | 1 Normalize-url | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | |||||
| CVE-2021-28092 | 1 Is-svg Project | 1 Is-svg | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | |||||
| CVE-2022-40023 | 2 Debian, Sqlalchemy | 2 Debian Linux, Mako | 2023-08-08 | N/A | 7.5 HIGH |
| Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | |||||
| CVE-2021-40899 | 1 Repo-git-downloader Project | 1 Repo-git-downloader | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | |||||
| CVE-2021-23382 | 1 Postcss | 1 Postcss | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). | |||||
| CVE-2022-25758 | 1 Scss-tokenizer Project | 1 Scss-tokenizer | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. | |||||
| CVE-2021-40897 | 1 Split-html-to-chars Project | 1 Split-html-to-chars | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | |||||
| CVE-2022-1954 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers | |||||
| CVE-2021-39940 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. | |||||
| CVE-2021-40895 | 1 Todo-regex Project | 1 Todo-regex | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. | |||||
| CVE-2022-25858 | 1 Terser | 1 Terser | 2023-08-08 | N/A | 7.5 HIGH |
| The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions. | |||||
| CVE-2021-40892 | 1 Validate Color Project | 1 Validate Color | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | |||||
| CVE-2022-37262 | 1 Stealjs | 1 Steal | 2023-08-08 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. | |||||