Total
282 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23362 | 2 Npmjs, Siemens | 2 Hosted-git-info, Sinec Infrastructure Network Services | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. | |||||
| CVE-2021-23364 | 1 Browserslist Project | 1 Browserslist | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | |||||
| CVE-2021-23490 | 1 Parse-link-header Project | 1 Parse-link-header | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function. | |||||
| CVE-2021-23446 | 1 Handsontable | 1 Handsontable | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. | |||||
| CVE-2021-23354 | 1 Adaltas | 1 Printf | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. | |||||
| CVE-2021-25292 | 1 Python | 1 Pillow | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | |||||
| CVE-2021-45470 | 1 Circl | 1 Cve-search | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. | |||||
| CVE-2022-37260 | 1 Stealjs | 1 Steal | 2023-08-08 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. | |||||
| CVE-2022-21195 | 1 Url-regex Project | 1 Url-regex | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash. | |||||
| CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | |||||
| CVE-2022-25887 | 1 Apostrophecms | 1 Sanitize-html | 2023-08-08 | N/A | 7.5 HIGH |
| The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. | |||||
| CVE-2021-40894 | 1 Underscore-99xp Project | 1 Underscore-99xp | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. | |||||
| CVE-2022-1510 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption. | |||||
| CVE-2022-31781 | 1 Apache | 1 Tapestry | 2023-08-02 | N/A | 7.5 HIGH |
| Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor. | |||||
| CVE-2023-39174 | 1 Jetbrains | 1 Teamcity | 2023-08-01 | N/A | 7.5 HIGH |
| In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers | |||||
| CVE-2023-36543 | 1 Apache | 1 Airflow | 2023-07-31 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected | |||||
| CVE-2022-21670 | 1 Markdown-it Project | 1 Markdown-it | 2023-07-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading. | |||||
| CVE-2022-1929 | 1 Devcert Project | 1 Devcert | 2023-07-24 | 5.0 MEDIUM | 7.5 HIGH |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method | |||||
| CVE-2022-31110 | 1 Rsshub | 1 Rsshub | 2023-07-24 | 5.0 MEDIUM | 7.5 HIGH |
| RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417 passing some special values to the `filter` and `filterout` parameters can cause an abnormally high CPU. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31147 | 1 Jqueryvalidation | 1 Jquery Validation | 2023-07-24 | N/A | 7.5 HIGH |
| The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch. | |||||