Total
282 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43307 | 1 Semver-regex Project | 1 Semver-regex | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method | |||||
| CVE-2021-43306 | 1 Jqueryvalidation | 1 Jquery Validation | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method | |||||
| CVE-2021-41817 | 6 Debian, Fedoraproject, Opensuse and 3 more | 9 Debian Linux, Fedora, Factory and 6 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | |||||
| CVE-2021-41115 | 1 Zulip | 1 Zulip | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS -- this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository). | |||||
| CVE-2021-40901 | 1 Scniro-validator Project | 1 Scniro-validator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | |||||
| CVE-2021-40900 | 1 Regexfn Project | 1 Regexfn | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | |||||
| CVE-2021-40899 | 1 Repo-git-downloader Project | 1 Repo-git-downloader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | |||||
| CVE-2021-40898 | 1 Scaffold-helper Project | 1 Scaffold-helper | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | |||||
| CVE-2021-40897 | 1 Split-html-to-chars Project | 1 Split-html-to-chars | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | |||||
| CVE-2021-40896 | 1 That-value Project | 1 That-value | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | |||||
| CVE-2021-40895 | 1 Todo-regex Project | 1 Todo-regex | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. | |||||
| CVE-2021-40894 | 1 Underscore-99xp Project | 1 Underscore-99xp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. | |||||
| CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | |||||
| CVE-2021-40892 | 1 Validate Color Project | 1 Validate Color | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | |||||
| CVE-2021-40660 | 1 Javadelight | 1 Nashorn Sandbox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack. | |||||
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nltk is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3810 | 1 Coder | 1 Code-server | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| code-server is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3807 | 2 Ansi-regex Project, Oracle | 2 Ansi-regex, Communications Cloud Native Core Policy | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| ansi-regex is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3804 | 1 Taro | 1 Taro | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| taro is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nth-check is vulnerable to Inefficient Regular Expression Complexity | |||||