Total
303 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42969 | 1 Pytest | 1 Py | 2024-11-21 | 5.3 Medium |
| The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability. | ||||
| CVE-2022-42965 | 1 Snowflake | 1 Snowflake-connector-python | 2024-11-21 | 3.7 Low |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method | ||||
| CVE-2022-42124 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 7.5 High |
| ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype. | ||||
| CVE-2022-40897 | 2 Python, Redhat | 7 Setuptools, Enterprise Linux, Rhel Aus and 4 more | 2024-11-21 | 5.9 Medium |
| Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. | ||||
| CVE-2022-40023 | 3 Debian, Redhat, Sqlalchemy | 3 Debian Linux, Enterprise Linux, Mako | 2024-11-21 | 7.5 High |
| Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | ||||
| CVE-2022-3517 | 4 Debian, Fedoraproject, Minimatch Project and 1 more | 9 Debian Linux, Fedora, Minimatch and 6 more | 2024-11-21 | 7.5 High |
| A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. | ||||
| CVE-2022-39280 | 1 Pyup | 1 Dependency Parser | 2024-11-21 | 5.9 Medium |
| dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. | ||||
| CVE-2022-37734 | 2 Graphql-java Project, Redhat | 4 Graphql-java, Openshift Application Runtimes, Quarkus and 1 more | 2024-11-21 | 7.5 High |
| graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | ||||
| CVE-2022-37620 | 1 Html-minifier Project | 1 Html-minifier | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. | ||||
| CVE-2022-37603 | 2 Redhat, Webpack.js | 8 Jboss Data Grid, Logging, Migration Toolkit Applications and 5 more | 2024-11-21 | 7.5 High |
| A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. | ||||
| CVE-2022-37599 | 2 Redhat, Webpack.js | 2 Jboss Enterprise Bpms Platform, Loader-utils | 2024-11-21 | 7.5 High |
| A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. | ||||
| CVE-2022-37262 | 1 Stealjs | 1 Steal | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. | ||||
| CVE-2022-37260 | 1 Stealjs | 1 Steal | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. | ||||
| CVE-2022-37259 | 1 Stealjs | 1 Steal | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. | ||||
| CVE-2022-36064 | 1 Shescape Project | 1 Shescape | 2024-11-21 | 5.9 Medium |
| Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells `Bash` and `Dash`, or any not-officially-supported Unix shell; and/or using the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. An attacker can cause polynomial backtracking or quadratic runtime in terms of the input string length due to two Regular Expressions in Shescape that are vulnerable to Regular Expression Denial of Service (ReDoS). This bug has been patched in v1.5.10. For `Dash` only, this bug has been patched since v1.5.9. As a workaround, a maximum length can be enforced on input strings to Shescape to reduce the impact of the vulnerability. It is not recommended to try and detect vulnerable input strings, as the logic for this may end up being vulnerable to ReDoS itself. | ||||
| CVE-2022-36034 | 1 Nitrado.js Project | 1 Nitrado.js | 2024-11-21 | 7.5 High |
| nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds. | ||||
| CVE-2022-35923 | 1 V8n Project | 1 V8n | 2024-11-21 | 7.5 High |
| v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2022-34749 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2024-11-21 | 7.5 High |
| In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | ||||
| CVE-2022-34428 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 5 Medium |
| Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | ||||
| CVE-2022-34402 | 1 Dell | 7 Latitude 3420, Optiplex 3000 Thin Client, Wyse 3040 Thin Client and 4 more | 2024-11-21 | 6.8 Medium |
| Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service. | ||||