Total: 214 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-29158 | 1 Apache | 1 Ofbiz | 2023-07-21 | N/A | 7.5 HIGH | Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599 |
| CVE-2023-3424 | 1 Gitlab | 1 Gitlab | 2023-07-20 | N/A | 7.5 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. |
| CVE-2021-43306 | 1 Jqueryvalidation | 1 Jquery Validation | 2023-07-18 | 5.0 MEDIUM | 7.5 HIGH | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method. |
| CVE-2021-43307 | 1 Semver-regex Project | 1 Semver-regex | 2023-07-18 | 5.0 MEDIUM | 7.5 HIGH | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method. |
| CVE-2021-43308 | 1 Markdown-link-extractor Project | 1 Markdown-link-extractor | 2023-07-18 | 5.0 MEDIUM | 7.5 HIGH | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function. |
| CVE-2021-41115 | 1 Zulip | 1 Zulip | 2023-07-17 | 4.0 MEDIUM | 6.5 MEDIUM | Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS -- this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository). |
| CVE-2022-26650 | 1 Apache | 1 Shenyu | 2023-07-12 | 5.0 MEDIUM | 7.5 HIGH | In Apache ShenYu, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can allow an attacker to pass in malicious regular expressions and characters, causing resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3. |
| CVE-2022-25598 | 1 Apache | 1 Dolphinscheduler | 2023-07-12 | 5.0 MEDIUM | 7.5 HIGH | Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks; Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. |
| CVE-2022-39280 | 1 Pyup | 1 Dependency Parser | 2023-07-11 | N/A | 7.5 HIGH | dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contains a regular expression that is vulnerable to a Regular Expression Denial of Service. All users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`; all users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. |
| CVE-2022-2596 | 1 Node-fetch Project | 1 Node-fetch | 2023-07-11 | N/A | 5.9 MEDIUM | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. |
| CVE-2021-3795 | 1 Semver-regex Project | 1 Semver-regex | 2023-07-10 | 5.0 MEDIUM | 7.5 HIGH | semver-regex is vulnerable to Inefficient Regular Expression Complexity. |
| CVE-2021-3810 | 1 Coder | 1 Code-server | 2023-07-10 | 7.8 HIGH | 7.5 HIGH | code-server is vulnerable to Inefficient Regular Expression Complexity. |
| CVE-2021-3807 | 2 Ansi-regex Project, Oracle | 2 Ansi-regex, Communications Cloud Native Core Policy | 2023-07-10 | 7.8 HIGH | 7.5 HIGH | ansi-regex is vulnerable to Inefficient Regular Expression Complexity. |
| CVE-2021-3804 | 1 Taro | 1 Taro | 2023-07-10 | 7.8 HIGH | 7.5 HIGH | taro is vulnerable to Inefficient Regular Expression Complexity. |
| CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2023-07-10 | 5.0 MEDIUM | 7.5 HIGH | nth-check is vulnerable to Inefficient Regular Expression Complexity. |
| CVE-2021-3765 | 1 Validator Project | 1 Validator | 2023-07-07 | 5.0 MEDIUM | 7.5 HIGH | validator.js is vulnerable to Inefficient Regular Expression Complexity. |
| CVE-2023-32610 | 1 Synck | 1 Mailform Pro Cgi | 2023-07-07 | N/A | 7.5 HIGH | Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. |
| CVE-2023-2232 | 1 Gitlab | 1 Gitlab | 2023-07-06 | N/A | 6.5 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix. |
| CVE-2022-42966 | 1 Python-poetry | 1 Cleo | 2023-07-06 | N/A | 7.5 HIGH | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method. |
| CVE-2022-42964 | 1 Pymatgen | 1 Pymatgen | 2023-07-06 | N/A | 7.5 HIGH | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method. |
