Total
214 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3514 | 1 Gitlab | 1 Gitlab | 2023-01-18 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser. | |||||
| CVE-2022-4131 | 1 Gitlab | 1 Gitlab | 2023-01-18 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents. | |||||
| CVE-2021-32821 | 1 Mootools | 1 Mootools | 2023-01-10 | N/A | 7.5 HIGH |
| MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue. | |||||
| CVE-2020-1920 | 1 Facebook | 1 React-native | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1. | |||||
| CVE-2021-43843 | 1 Jsx-slack Project | 1 Jsx-slack | 2022-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into `<blockquote>` tag _with including multibyte characters_, an internal regular expression for escaping characters may consume an excessive amount of computing resources. v4.5.1 passes the test against ASCII characters but misses the case of multibyte characters. jsx-slack v4.5.2 has updated regular expressions for escaping blockquote characters to prevent catastrophic backtracking. It is also including an updated test case to confirm rendering multiple tags in `<blockquote>` with multibyte characters. | |||||
| CVE-2021-3820 | 1 Inflect Project | 1 Inflect | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| inflect is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3801 | 1 Prismjs | 1 Prism | 2022-07-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| prism is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3794 | 1 Vuelidate Project | 1 Vuelidate | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| vuelidate is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3777 | 1 Tmpl Project | 1 Tmpl | 2022-07-29 | 7.8 HIGH | 7.5 HIGH |
| nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3822 | 1 Jsoneditoronline | 1 Jsoneditor | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| jsoneditor is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3649 | 1 Chatwoot | 1 Chatwoot | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| chatwoot is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3828 | 1 Nltk | 1 Nltk | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| nltk is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| nltk is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-43805 | 1 Nebulab | 1 Solidus | 2021-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity. | |||||