Total: 295 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16215 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages. | |||||
CVE-2019-12041 | 1 Remarkable Project | 1 Remarkable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section. | |||||
CVE-2018-25079 | 1 Segment | 1 Is-url | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. | |||||
CVE-2018-25077 | 1 Mel-spintax Project | 1 Mel-spintax | 2024-11-21 | 2.3 LOW | 3.5 LOW |
A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456. | |||||
CVE-2018-25074 | 1 Skeemas Project | 1 Skeemas | 2024-11-21 | 2.3 LOW | 3.5 LOW |
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003. | |||||
CVE-2018-25061 | 1 Rgb2hex Project | 1 Rgb2hex | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The patch is named 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151. | |||||
CVE-2018-25049 | 1 Email-existence Project | 1 Email-existence | 2024-11-21 | N/A | 3.0 LOW |
A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is recommended to apply a patch to fix this issue. VDB-216854 is the identifier assigned to this vulnerability. | |||||
CVE-2017-20165 | 1 Debug Project | 1 Debug | 2024-11-21 | 2.7 LOW | 3.5 LOW |
A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The identifier of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability. | |||||
CVE-2017-20162 | 1 Vercel | 1 Ms | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451. | |||||
CVE-2017-16021 | 1 Garycourt | 1 Uri-js | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
uri-js is a module that tries to fully implement RFC 3986. One of its features is validating whether a supplied URL is valid. To do this, uri-js uses a regular expression that is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100% usage while uri-js is trying to validate the supplied URL. To check if you're vulnerable, look for a call to `require("uri-js").parse()` where a user is able to send their own input. This affects uri-js 2.1.1 and earlier. | |||||
CVE-2015-10005 | 1 Markdown-it Project | 1 Markdown-it | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852. | |||||
CVE-2024-21539 | | | 2024-11-19 | N/A | 7.5 HIGH |
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability. | |||||
CVE-2024-21538 | | | 2024-11-19 | N/A | 7.5 HIGH |
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. | |||||
CVE-2020-26305 | 1 Talyssonoc | 1 Commonregexjs | 2024-11-13 | N/A | 7.5 HIGH |
CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | |||||
CVE-2020-26304 | 1 Foundation | 1 Foundation | 2024-11-13 | N/A | 7.5 HIGH |
Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available. | |||||
CVE-2020-26303 | 1 Bevacqua | 1 Insane | 2024-11-13 | N/A | 7.5 HIGH |
insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | |||||
CVE-2023-7279 | 1 Securesystems | 1 Connaisseur | 2024-11-01 | 1.4 LOW | 2.6 LOW |
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular expression complexity. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 524b73ff7306707f6d3a4d1e86401479bca91b02. It is recommended to upgrade the affected component. | |||||
CVE-2020-26311 | 1 Useragent Project | 1 Useragent | 2024-10-30 | N/A | 7.5 HIGH |
Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available. | |||||
CVE-2024-50574 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | N/A | 5.3 MEDIUM |
In JetBrains YouTrack before 2024.3.47707, a potential ReDoS exploit was possible via email header parsing in the Helpdesk functionality. | |||||
CVE-2020-26307 | | | 2024-10-28 | N/A | N/A |
HTML2Markdown is a JavaScript implementation for converting HTML to Markdown text. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. |