Total
212 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6159 | 1 Gitlab | 1 Gitlab | 2024-02-05 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. | |||||
CVE-2023-3364 | 1 Gitlab | 1 Gitlab | 2024-02-05 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint. | |||||
CVE-2023-0632 | 1 Gitlab | 1 Gitlab | 2024-02-05 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry. | |||||
CVE-2023-3994 | 1 Gitlab | 1 Gitlab | 2024-02-05 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint. | |||||
CVE-2023-3424 | 1 Gitlab | 1 Gitlab | 2024-02-05 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
CVE-2023-39174 | 1 Jetbrains | 1 Teamcity | 2024-02-05 | N/A | 7.5 HIGH |
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers | |||||
CVE-2023-36543 | 1 Apache | 1 Airflow | 2024-02-05 | N/A | 6.5 MEDIUM |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected | |||||
CVE-2023-26117 | 1 Angularjs | 1 Angular | 2024-02-04 | N/A | 5.3 MEDIUM |
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | |||||
CVE-2023-32758 | 2 Coala, Semgrep | 2 Git-url-parse, Semgrep | 2024-02-04 | N/A | 7.5 HIGH |
giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package. | |||||
CVE-2023-26118 | 1 Angularjs | 1 Angular | 2024-02-04 | N/A | 5.3 MEDIUM |
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | |||||
CVE-2022-25883 | 1 Npmjs | 1 Semver | 2024-02-04 | N/A | 7.5 HIGH |
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | |||||
CVE-2023-2132 | 1 Gitlab | 1 Gitlab | 2024-02-04 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint. | |||||
CVE-2023-33950 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-02-04 | N/A | 7.5 HIGH |
Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs. | |||||
CVE-2023-32610 | 1 Synck | 1 Mailform Pro Cgi | 2024-02-04 | N/A | 7.5 HIGH |
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. | |||||
CVE-2023-2232 | 1 Gitlab | 1 Gitlab | 2024-02-04 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix | |||||
CVE-2023-2198 | 1 Gitlab | 1 Gitlab | 2024-02-04 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
CVE-2023-30608 | 2 Debian, Sqlparse Project | 2 Debian Linux, Sqlparse | 2024-02-04 | N/A | 7.5 HIGH |
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-31606 | 1 Promptworks | 1 Redcloth | 2024-02-04 | N/A | 7.5 HIGH |
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
CVE-2023-28756 | 3 Debian, Fedoraproject, Ruby-lang | 4 Debian Linux, Fedora, Ruby and 1 more | 2024-02-04 | N/A | 5.3 MEDIUM |
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. | |||||
CVE-2023-33289 | 1 Urlnorm Project | 1 Urlnorm | 2024-02-04 | N/A | 7.5 HIGH |
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. |