Total
212 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23382 | 1 Postcss | 1 Postcss | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). | |||||
CVE-2021-33502 | 1 Normalize-url Project | 1 Normalize-url | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | |||||
CVE-2021-23364 | 1 Browserslist Project | 1 Browserslist | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | |||||
CVE-2021-28092 | 1 Is-svg Project | 1 Is-svg | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | |||||
CVE-2021-23354 | 1 Adaltas | 1 Printf | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. | |||||
CVE-2021-27291 | 3 Debian, Fedoraproject, Pygments | 3 Debian Linux, Fedora, Pygments | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | |||||
CVE-2021-23362 | 2 Npmjs, Siemens | 2 Hosted-git-info, Sinec Infrastructure Network Services | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. | |||||
CVE-2021-26813 | 2 Fedoraproject, Markdown2 Project | 2 Fedora, Markdown2 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. | |||||
CVE-2021-25292 | 1 Python | 1 Pillow | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | |||||
CVE-2023-22796 | 1 Activesupport Project | 1 Activesupport | 2024-02-02 | N/A | 7.5 HIGH |
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. | |||||
CVE-2023-22795 | 3 Debian, Ruby-lang, Rubyonrails | 3 Debian Linux, Ruby, Rails | 2024-02-02 | N/A | 7.5 HIGH |
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | |||||
CVE-2023-22792 | 1 Rubyonrails | 1 Rails | 2024-02-02 | N/A | 7.5 HIGH |
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |