Total
303 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43309 | 1 Litejs | 1 Uri-template-lite | 2024-11-21 | 5.9 Medium |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method | ||||
| CVE-2021-43308 | 1 Markdown-link-extractor Project | 1 Markdown-link-extractor | 2024-11-21 | 5.9 Medium |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function | ||||
| CVE-2021-43307 | 1 Semver-regex Project | 1 Semver-regex | 2024-11-21 | 5.9 Medium |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method | ||||
| CVE-2021-43306 | 1 Jqueryvalidation | 1 Jquery Validation | 2024-11-21 | 5.9 Medium |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method | ||||
| CVE-2021-41817 | 6 Debian, Fedoraproject, Opensuse and 3 more | 12 Debian Linux, Fedora, Factory and 9 more | 2024-11-21 | 7.5 High |
| Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | ||||
| CVE-2021-41115 | 1 Zulip | 1 Zulip | 2024-11-21 | 4.3 Medium |
| Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS -- this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository). | ||||
| CVE-2021-40901 | 1 Scniro-validator Project | 1 Scniro-validator | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | ||||
| CVE-2021-40900 | 1 Regexfn Project | 1 Regexfn | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | ||||
| CVE-2021-40899 | 1 Repo-git-downloader Project | 1 Repo-git-downloader | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | ||||
| CVE-2021-40898 | 1 Scaffold-helper Project | 1 Scaffold-helper | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | ||||
| CVE-2021-40897 | 1 Split-html-to-chars Project | 1 Split-html-to-chars | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | ||||
| CVE-2021-40896 | 1 That-value Project | 1 That-value | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | ||||
| CVE-2021-40895 | 1 Todo-regex Project | 1 Todo-regex | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. | ||||
| CVE-2021-40894 | 1 Underscore-99xp Project | 1 Underscore-99xp | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. | ||||
| CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | ||||
| CVE-2021-40892 | 1 Validate Color Project | 1 Validate Color | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | ||||
| CVE-2021-40660 | 1 Javadelight | 1 Nashorn Sandbox | 2024-11-21 | 7.5 High |
| An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack. | ||||
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2024-11-21 | 7.5 High |
| nltk is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3828 | 1 Nltk | 1 Nltk | 2024-11-21 | 7.5 High |
| nltk is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3822 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 7.5 High |
| jsoneditor is vulnerable to Inefficient Regular Expression Complexity | ||||