Total
347 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31781 | 1 Apache | 1 Tapestry | 2024-11-21 | 7.5 High |
| Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor. | ||||
| CVE-2022-30973 | 2 Apache, Redhat | 2 Tika, Integration | 2024-11-21 | 5.5 Medium |
| We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. | ||||
| CVE-2022-30126 | 3 Apache, Oracle, Redhat | 3 Tika, Primavera Unifier, Jboss Fuse | 2024-11-21 | 5.5 Medium |
| In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0 | ||||
| CVE-2022-30122 | 3 Debian, Rack Project, Redhat | 5 Debian Linux, Rack, Satellite and 2 more | 2024-11-21 | 7.5 High |
| A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | ||||
| CVE-2022-2596 | 1 Node-fetch Project | 1 Node-fetch | 2024-11-21 | 5.9 Medium |
| Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. | ||||
| CVE-2022-29158 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 High |
| Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599 | ||||
| CVE-2022-26650 | 1 Apache | 1 Shenyu | 2024-11-21 | 7.5 High |
| In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3. | ||||
| CVE-2022-25887 | 2 Apostrophecms, Redhat | 2 Sanitize-html, Acm | 2024-11-21 | 5.3 Medium |
| The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. | ||||
| CVE-2022-25858 | 2 Redhat, Terser | 4 Acm, Service Mesh, Service Registry and 1 more | 2024-11-21 | 5.3 Medium |
| The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions. | ||||
| CVE-2022-25844 | 3 Angularjs, Fedoraproject, Netapp | 3 Angular, Fedora, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.3 Medium |
| The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. | ||||
| CVE-2022-25758 | 1 Scss-tokenizer Project | 1 Scss-tokenizer | 2024-11-21 | 5.3 Medium |
| All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. | ||||
| CVE-2022-25598 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 7.5 High |
| Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | ||||
| CVE-2022-24836 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Macos, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. | ||||
| CVE-2022-21195 | 1 Url-regex Project | 1 Url-regex | 2024-11-21 | 5.3 Medium |
| All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash. | ||||
| CVE-2022-1954 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers | ||||
| CVE-2022-1930 | 1 Ethereum | 1 Eth-account | 2024-11-21 | 5.9 Medium |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method | ||||
| CVE-2022-1929 | 1 Devcert Project | 1 Devcert | 2024-11-21 | 5.9 Medium |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method | ||||
| CVE-2022-1510 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption. | ||||
| CVE-2021-4306 | 1 Terminal-kit Project | 1 Terminal-kit | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620. | ||||
| CVE-2021-4299 | 1 String Kit Project | 1 String Kit | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The name of the patch is 9cac4c298ee92c1695b0695951f1488884a7ca73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217180. | ||||