Total: 243 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8854 | 2 Fedoraproject, Marked Project | 2 Fedora, Marked | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)." | |||||
CVE-2015-8315 | 1 Vercel | 1 Ms | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | |||||
CVE-2024-21539 | | | 2024-11-19 | N/A | 7.5 HIGH |
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability. | |||||
CVE-2024-21538 | | | 2024-11-19 | N/A | 7.5 HIGH |
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by supplying a very large, specially crafted string. | |||||
CVE-2024-52524 | | | 2024-11-18 | N/A | N/A |
Giskard is an evaluation and testing framework for AI systems. A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in a Giskard component by the GitHub Security Lab team. When Giskard detectors process datasets containing specific text patterns, this vulnerability can trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected. | |||||
CVE-2024-24762 | 3 Encode, Fastapiexpert, Tiangolo | 3 Starlette, Python-multipart, Fastapi | 2024-11-18 | N/A | 7.5 HIGH |
`python-multipart` is a streaming multipart parser for Python. When handling form data, `python-multipart` uses a regular expression to parse the HTTP `Content-Type` header, including its options. An attacker could send a custom-made `Content-Type` option that is very expensive for the regex to process, consuming CPU and stalling for minutes or more while holding the main event loop. The process cannot handle any other requests during that time, which is a regular expression denial of service. This vulnerability has been patched in version 0.0.7. | |||||
CVE-2020-26305 | 1 Talyssonoc | 1 Commonregexjs | 2024-11-13 | N/A | 7.5 HIGH |
CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | |||||
CVE-2020-26304 | 1 Foundation | 1 Foundation | 2024-11-13 | N/A | 7.5 HIGH |
Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available. | |||||
CVE-2020-26303 | 1 Bevacqua | 1 Insane | 2024-11-13 | N/A | 7.5 HIGH |
insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | |||||
CVE-2024-49761 | 1 Ruby-lang | 1 Rexml | 2024-11-05 | N/A | 7.5 HIGH |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML document that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later; Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later includes the patch that fixes the vulnerability. | |||||
CVE-2022-37620 | 1 Html-minifier Project | 1 Html-minifier | 2024-11-04 | N/A | 7.5 HIGH |
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. | |||||
CVE-2023-7279 | 1 Securesystems | 1 Connaisseur | 2024-11-01 | 1.4 LOW | 5.9 MEDIUM |
A vulnerability classified as problematic has been found in Secure Systems Engineering Connaisseur up to 3.3.0. It affects unknown code in the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular expression complexity. Attack complexity is rather high and exploitation appears to be difficult. Upgrading to version 3.3.1 addresses this issue; the patch is commit 524b73ff7306707f6d3a4d1e86401479bca91b02. It is recommended to upgrade the affected component. | |||||
CVE-2020-26311 | 1 Useragent Project | 1 Useragent | 2024-10-30 | N/A | 7.5 HIGH |
Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available. | |||||
CVE-2024-50574 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | N/A | 7.5 HIGH |
In JetBrains YouTrack before 2024.3.47707, a potential ReDoS exploit was possible via email header parsing in the Helpdesk functionality. | |||||
CVE-2022-40897 | 1 Python | 1 Setuptools | 2024-10-29 | N/A | 5.9 MEDIUM |
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. | |||||
CVE-2020-26307 | | | 2024-10-28 | N/A | N/A |
HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | |||||
CVE-2020-26309 | | | 2024-10-28 | N/A | N/A |
Validate.js provides a declarative way of validating javascript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available. | |||||
CVE-2020-26306 | | | 2024-10-28 | N/A | N/A |
Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | |||||
CVE-2020-26308 | | | 2024-10-28 | N/A | N/A |
Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | |||||
CVE-2020-26310 | | | 2024-10-28 | N/A | N/A |
Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available. |
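The common mechanism behind these entries is catastrophic backtracking: a regex whose quantifiers can split the same run of characters in many ways, fed attacker-controlled text that almost matches. The python-multipart entry (CVE-2024-24762) shows the effect on an event-loop server parsing the `Content-Type` header, and the ms entry (CVE-2015-8315) the same effect on a long version string. The example below is added by the editor and is not code from python-multipart, ms or any other project listed above; the vulnerable pattern is a constructed textbook case, not the regex from any of these CVEs, and `MAX_HEADER_LEN`, `SAFE_TOKEN_RE` and `parse_content_type` are the editor's own names and assumptions. It shows the pattern's growth, an unambiguous rewrite that matches the same strings in linear time, and a hand-written linear scanner for `Content-Type` options that uses no regex at all.

```python
"""
Editor's added illustration (not code from python-multipart, ms or any other
project on this page): how a backtracking regex over attacker-controlled text
stalls a worker, and two fixes: an unambiguous rewrite of the pattern, and a
linear-time scanner for Content-Type options that uses no regex at all.
"""
from __future__ import annotations

import re
import time

# Constructed pattern with the classic ReDoS shape (it is NOT the regex from
# any CVE above): the repeated group's body can itself absorb a run of word
# characters, so on 'aaa...a!' the engine tries every way of splitting the
# run between the inner and outer quantifiers, 2**(n-1) of them, before failing.
VULNERABLE_TOKEN_RE = re.compile(r'^(\w+\s?)*$')

# Same language, no ambiguity: each run of word characters is matched once and
# a separator is mandatory between runs, so a failing input is rejected in O(n).
SAFE_TOKEN_RE = re.compile(r'^(?:\w+(?:\s\w+)*\s?)?$')

# Assumed cap on a header value; a real service takes this from its framework.
MAX_HEADER_LEN = 8192


def match_seconds(pattern: re.Pattern, text: str) -> float:
    """Wall-clock seconds for one match attempt, used to show growth with n."""
    t0 = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - t0


def parse_content_type(value: str) -> tuple[str, dict[str, str]]:
    """Single left-to-right pass over 'type/subtype; k=v; k2="quoted; v"'.

    Every loop below advances the index, so the cost is linear in len(value)
    whatever the attacker puts in the options; the length cap bounds even that.
    Option names are lowercased, values (e.g. boundary) are kept as sent.
    """
    if len(value) > MAX_HEADER_LEN:
        raise ValueError("Content-Type header too long")
    mime, _, rest = value.partition(';')
    options: dict[str, str] = {}
    i, n = 0, len(rest)
    while i < n:
        while i < n and rest[i] in ' \t':           # leading whitespace
            i += 1
        start = i
        while i < n and rest[i] not in '=;':        # option name
            i += 1
        key = rest[start:i].strip().lower()
        if i < n and rest[i] == '=':
            i += 1
            while i < n and rest[i] in ' \t':
                i += 1
            if i < n and rest[i] == '"':            # quoted-string, may hold ';'
                i += 1
                buf = []
                while i < n and rest[i] != '"':
                    if rest[i] == '\\' and i + 1 < n:  # quoted-pair
                        i += 1
                    buf.append(rest[i])
                    i += 1
                i += 1                              # step past the closing quote
                val = ''.join(buf)
            else:                                   # bare token, runs to next ';'
                start = i
                while i < n and rest[i] != ';':
                    i += 1
                val = rest[start:i].strip()
            if key:
                options[key] = val
        while i < n and rest[i] != ';':             # drop anything left in this option
            i += 1
        i += 1                                      # step past the ';'
    return mime.strip().lower(), options


if __name__ == '__main__':
    for size in (8, 12, 16):                        # constructed near-miss inputs
        evil = 'a' * size + '!'
        print(f'n={size:2d} vulnerable={match_seconds(VULNERABLE_TOKEN_RE, evil):.4f}s '
              f'safe={match_seconds(SAFE_TOKEN_RE, evil):.6f}s')
    print(parse_content_type('multipart/form-data; boundary="----x;y"; charset=utf-8'))
```

Running the block prints the vulnerable pattern's time roughly doubling with every extra character while the rewritten pattern stays flat; raise `size` by a few more steps and the vulnerable match takes seconds, which on an async server is exactly the stalled event loop described in the python-multipart entry. The scanner is the stronger fix for header parsing because its cost does not depend on the pattern at all, only on the capped input length.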