Total: 282 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-3804 | 1 Taro | 1 Taro | 2023-07-10 | 7.8 HIGH | 7.5 HIGH | taro is vulnerable to Inefficient Regular Expression Complexity.
CVE-2021-3807 | 2 Ansi-regex Project, Oracle | 2 Ansi-regex, Communications Cloud Native Core Policy | 2023-07-10 | 7.8 HIGH | 7.5 HIGH | ansi-regex is vulnerable to Inefficient Regular Expression Complexity.
CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2023-07-10 | 5.0 MEDIUM | 7.5 HIGH | nth-check is vulnerable to Inefficient Regular Expression Complexity.
CVE-2021-3765 | 1 Validator Project | 1 Validator | 2023-07-07 | 5.0 MEDIUM | 7.5 HIGH | validator.js is vulnerable to Inefficient Regular Expression Complexity.
CVE-2023-32610 | 1 Synck | 1 Mailform Pro Cgi | 2023-07-07 | N/A | 7.5 HIGH | Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
CVE-2023-2232 | 1 Gitlab | 1 Gitlab | 2023-07-06 | N/A | 6.5 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix.
CVE-2022-42965 | 1 Snowflake | 1 Snowflake-connector-python | 2023-07-06 | N/A | 7.5 HIGH | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method.
CVE-2023-33290 | 1 Git-url-parse Project | 1 Git-url-parse | 2023-06-21 | N/A | 7.5 HIGH | The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).
CVE-2021-32837 | 1 Mechanize Project | 1 Mechanize | 2023-06-20 | N/A | 7.5 HIGH | mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.
CVE-2023-33950 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-05-31 | N/A | 7.5 HIGH | Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76, allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.
CVE-2022-23548 | 1 Discourse | 1 Discourse | 2023-05-16 | N/A | 6.5 MEDIUM | Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
CVE-2023-30858 | 1 Denosaurs | 1 Emoji | 2023-05-08 | N/A | 7.5 HIGH | The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.
CVE-2021-32848 | 1 Octobox Project | 1 Octobox | 2023-03-01 | N/A | 7.5 HIGH | Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.
CVE-2023-24807 | 1 Nodejs | 1 Undici | 2023-02-24 | N/A | 7.5 HIGH | Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
CVE-2023-25167 | 1 Discourse | 1 Discourse | 2023-02-18 | N/A | 5.7 MEDIUM | Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-22799 | 1 Rubyonrails | 1 Globalid | 2023-02-16 | N/A | 7.5 HIGH | A ReDoS-based DoS vulnerability in GlobalID <1.0.1 could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2023-25166 | 1 Hapi | 1 Formula | 2023-02-16 | N/A | 6.5 MEDIUM | formula is a math and string formula parser. In versions prior to 3.0.1, crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.
CVE-2023-23621 | 1 Discourse | 1 Discourse | 2023-02-14 | N/A | 7.5 HIGH | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
CVE-2021-32821 | 1 Mootools | 1 Mootools | 2023-01-10 | N/A | 7.5 HIGH | MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.
CVE-2022-23514 | 1 Loofah Project | 1 Loofah | 2022-12-19 | N/A | 7.5 HIGH | Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.