Total
303 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24762 | 3 Encode, Fastapiexpert, Tiangolo | 3 Starlette, Python-multipart, Fastapi | 2024-11-21 | 7.5 High |
| `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7. | ||||
| CVE-2024-23732 | 1 Embedchain | 1 Embedchain | 2024-11-21 | 7.5 High |
| The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py. | ||||
| CVE-2024-22640 | 2024-11-21 | 7.5 High | ||
| TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. | ||||
| CVE-2024-22363 | 2024-11-21 | 7.5 High | ||
| SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS). | ||||
| CVE-2024-21503 | 2 Python Software Foundation, Redhat | 2 Black, Ansible Automation Platform | 2024-11-21 | 5.3 Medium |
| Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. | ||||
| CVE-2024-1963 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests. | ||||
| CVE-2024-1736 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files. | ||||
| CVE-2024-1495 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file. | ||||
| CVE-2024-1493 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the server | ||||
| CVE-2023-6159 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. | ||||
| CVE-2023-50249 | 1 Sentry | 1 Astro | 2024-11-21 | 7.5 High |
| Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. | ||||
| CVE-2023-4316 | 1 Zod | 1 Zod | 2024-11-21 | 7.5 High |
| Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. | ||||
| CVE-2023-48631 | 2 Adobe, Redhat | 4 Css-tools, Migration Toolkit Applications, Migration Toolkit Runtimes and 1 more | 2024-11-21 | 5.3 Medium |
| @adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. | ||||
| CVE-2023-46402 | 1 Git-urls Project | 1 Git-urls | 2024-11-21 | 7.5 High |
| git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go. | ||||
| CVE-2023-45813 | 2 Torbot Project, Validators Project | 2 Torbot, Validators | 2024-11-21 | 4.6 Medium |
| Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-45806 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.3 Medium |
| Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they've been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the "bleeding" by ensuring users only use alphanumeric characters in their full name field. | ||||
| CVE-2023-43665 | 3 Djangoproject, Fedoraproject, Redhat | 6 Django, Fedora, Ansible Automation Platform and 3 more | 2024-11-21 | 7.5 High |
| In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. | ||||
| CVE-2023-43646 | 2 Chaijs, Redhat | 2 Get-func-name, Openshift Data Foundation | 2024-11-21 | 8.6 High |
| get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\t'.repeat(54773) + '\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-40599 | 1 Synck Graphica | 1 Mailform Pro Cgi | 2024-11-21 | 7.5 High |
| Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. | ||||
| CVE-2023-3994 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint. | ||||