Total
212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35923 | 1 V8n Project | 1 V8n | 2024-02-04 | N/A | 7.5 HIGH |
| v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-37262 | 1 Stealjs | 1 Steal | 2024-02-04 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. | |||||
| CVE-2022-1954 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers | |||||
| CVE-2022-40023 | 2 Debian, Sqlalchemy | 2 Debian Linux, Mako | 2024-02-04 | N/A | 7.5 HIGH |
| Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | |||||
| CVE-2022-37259 | 1 Stealjs | 1 Steal | 2024-02-04 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. | |||||
| CVE-2022-2596 | 1 Node-fetch Project | 1 Node-fetch | 2024-02-04 | N/A | 5.9 MEDIUM |
| Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. | |||||
| CVE-2022-31147 | 1 Jqueryvalidation | 1 Jquery Validation | 2024-02-04 | N/A | 7.5 HIGH |
| The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch. | |||||
| CVE-2022-36064 | 1 Shescape Project | 1 Shescape | 2024-02-04 | N/A | 7.5 HIGH |
| Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells `Bash` and `Dash`, or any not-officially-supported Unix shell; and/or using the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. An attacker can cause polynomial backtracking or quadratic runtime in terms of the input string length due to two Regular Expressions in Shescape that are vulnerable to Regular Expression Denial of Service (ReDoS). This bug has been patched in v1.5.10. For `Dash` only, this bug has been patched since v1.5.9. As a workaround, a maximum length can be enforced on input strings to Shescape to reduce the impact of the vulnerability. It is not recommended to try and detect vulnerable input strings, as the logic for this may end up being vulnerable to ReDoS itself. | |||||
| CVE-2022-24373 | 1 Swmansion | 1 React Native Reanimated | 2024-02-04 | N/A | 7.5 HIGH |
| The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. | |||||
| CVE-2022-25887 | 1 Apostrophecms | 1 Sanitize-html | 2024-02-04 | N/A | 7.5 HIGH |
| The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. | |||||
| CVE-2022-2908 | 1 Gitlab | 1 Gitlab | 2024-02-04 | N/A | 4.3 MEDIUM |
| A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. | |||||
| CVE-2022-34428 | 1 Dell | 1 Hybrid Client | 2024-02-04 | N/A | 2.7 LOW |
| Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | |||||
| CVE-2022-21222 | 1 Css-what Project | 1 Css-what | 2024-02-04 | N/A | 7.5 HIGH |
| The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | |||||
| CVE-2022-42965 | 1 Snowflake | 1 Snowflake-connector-python | 2024-02-04 | N/A | 7.5 HIGH |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method | |||||
| CVE-2022-34749 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2024-02-04 | N/A | 7.5 HIGH |
| In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | |||||
| CVE-2022-42964 | 1 Pymatgen | 1 Pymatgen | 2024-02-04 | N/A | 7.5 HIGH |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method | |||||
| CVE-2022-42966 | 1 Python-poetry | 1 Cleo | 2024-02-04 | N/A | 7.5 HIGH |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method | |||||
| CVE-2022-39280 | 1 Pyup | 1 Dependency Parser | 2024-02-04 | N/A | 7.5 HIGH |
| dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. | |||||
| CVE-2022-34402 | 1 Dell | 7 Latitude 3420, Optiplex 3000 Thin Client, Wyse 3040 Thin Client and 4 more | 2024-02-04 | N/A | 4.9 MEDIUM |
| Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service. | |||||
| CVE-2022-1930 | 1 Ethereum | 1 Eth-account | 2024-02-04 | N/A | 7.5 HIGH |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method | |||||