Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-40894

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Jun, 2022 | 21:09
Updated At-04 Aug, 2024 | 02:51
Rejected At-
Credits

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Jun, 2022 | 21:09
Updated At:04 Aug, 2024 | 02:51
Rejected At:
▼CVE Numbering Authority (CNA)

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/yetingli/SaveResults/blob/main/js/underscore-99xp.mjs
x_refsource_MISC
Hyperlink: https://github.com/yetingli/SaveResults/blob/main/js/underscore-99xp.mjs
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/yetingli/SaveResults/blob/main/js/underscore-99xp.mjs
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/yetingli/SaveResults/blob/main/js/underscore-99xp.mjs
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Jun, 2022 | 22:15
Updated At:08 Aug, 2023 | 14:22

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
underscore-99xp_project
underscore-99xp_project
>>underscore-99xp>>1.7.2
cpe:2.3:a:underscore-99xp_project:underscore-99xp:1.7.2:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-1333Primarynvd@nist.gov
CWE ID: CWE-1333
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/yetingli/SaveResults/blob/main/js/underscore-99xp.mjscve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/yetingli/SaveResults/blob/main/js/underscore-99xp.mjs
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

220Records found
CVE-2021-3795
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.34%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:23
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in sindresorhus/semver-regex

semver-regex is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-semver-regex_projectsindresorhus
Product-semver-regexsindresorhus/semver-regex
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3810
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.91%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 06:15
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in cdr/code-server

code-server is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-codercdr
Product-code-servercdr/code-server
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3803
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.85%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in fb55/nth-check

nth-check is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-nth-check_projectfb55Debian GNU/Linux
Product-debian_linuxnth-checkfb55/nth-check
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-2132
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-1.35% / 79.30%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-13926
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.17%
||
7 Day CHG~0.00%
Published-19 Apr, 2025 | 06:00
Updated-27 Aug, 2025 | 12:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP-Syntax <= 1.2 - Author+ Potential ReDoS

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.

Action-Not Available
Vendor-connections-proUnknown
Product-wp-syntaxWP-Syntax
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-2800
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 68.89%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 10:31
Updated-18 Sep, 2024 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in GitLab

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3804
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.91%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 06:15
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in nervjs/taro

taro is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-taronervjs
Product-taronervjs/taro
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-0881
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.78%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 13:28
Updated-26 Aug, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DDoS in Ubuntu package linux-bluefield

Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to the linux-bluefield package.

Action-Not Available
Vendor-UbuntuCanonical Ltd.
Product-linux-bluefieldUbuntu package linux-bluefield
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3842
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.31%
||
7 Day CHG-0.20%
Published-04 Jan, 2022 | 14:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in nltk/nltk

nltk is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-nltknltkDebian GNU/LinuxFedora Project
Product-fedoradebian_linuxnltknltk/nltk
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-0632
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 56.88%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 23:36
Updated-22 May, 2025 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3794
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in vuelidate/vuelidate

vuelidate is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-vuelidate_projectvuelidate
Product-vuelidatevuelidate/vuelidate
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-25885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.16%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 00:00
Updated-10 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.

Action-Not Available
Vendor-n/axhtml2pdf
Product-n/axhtml2pdf
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3822
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.61%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in josdejong/jsoneditor

jsoneditor is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-jsoneditoronlinejosdejong
Product-jsoneditorjosdejong/jsoneditor
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-26146
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 67.68%
||
7 Day CHG+0.05%
Published-28 Feb, 2024 | 23:28
Updated-14 Feb, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible Denial of Service Vulnerability in Rack Header Parsing

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.

Action-Not Available
Vendor-rackrackrack_projectDebian GNU/Linux
Product-debian_linuxrackrackrack
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-26142
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.47% / 84.66%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 15:25
Updated-14 Feb, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.

Action-Not Available
Vendor-Ruby on RailsRuby
Product-railsrubyrailsrails
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-24762
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.04%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 14:33
Updated-09 May, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
python-multipart vulnerable to content-type header Regular expression Denial of Service

`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.

Action-Not Available
Vendor-encodefastapiexperttiangolotiangoloKludexencode
Product-python-multipartstarlettefastapifastapipython-multipartstarlette
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-25126
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.03%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 23:28
Updated-14 Feb, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rack ReDos in content type parsing (2nd degree polynomial)

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.

Action-Not Available
Vendor-rackrackrack_projectDebian GNU/Linux
Product-debian_linuxrackrackrack
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2018-25074
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.05% / 15.39%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 14:49
Updated-25 Nov, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prestaul skeemas base.js redos

A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003.

Action-Not Available
Vendor-skeemas_projectPrestaul
Product-skeemasskeemas
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2018-25077
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.05% / 15.78%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:58
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
melnaron mel-spintax spintax.js redos

A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.

Action-Not Available
Vendor-mel-spintax_projectmelnaron
Product-mel-spintaxmel-spintax
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3820
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in pksunkara/inflect

inflect is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-inflect_projectpksunkara
Product-inflectpksunkara/inflect
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2018-25061
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-31 Dec, 2022 | 19:33
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rgb2hex redos

A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The patch is named 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151.

Action-Not Available
Vendor-rgb2hex_projectn/a
Product-rgb2hexrgb2hex
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-23732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.

Action-Not Available
Vendor-embedchainn/a
Product-embedchainn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2018-25079
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-04 Feb, 2023 | 03:57
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segmentio is-url index.js redos

A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-segmentSegmentio
Product-is-urlis-url
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3828
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.83%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in nltk/nltk

nltk is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-nltknltk
Product-nltknltk/nltk
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-697
Incorrect Comparison
CVE-2025-6493
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.34%
||
7 Day CHG~0.00%
Published-22 Jun, 2025 | 22:00
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeMirror Markdown Mode markdown.js redos

A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."

Action-Not Available
Vendor-n/a
Product-CodeMirror
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-8315
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.33%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

Action-Not Available
Vendor-verceln/avercel
Product-msn/ams
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-21539
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.34%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 05:00
Updated-19 Nov, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.

Action-Not Available
Vendor-n/aeslint
Product-@eslint/plugin-kitrewrite
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-21538
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.7||HIGH
EPSS-0.11% / 29.89%
||
7 Day CHG-0.02%
Published-08 Nov, 2024 | 05:00
Updated-20 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

Action-Not Available
Vendor-n/across-spawn
Product-cross-spawnorg.webjars.npm:cross-spawncross-spawn
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2025-5897
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 23.20%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 21:00
Updated-10 Jul, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.

Action-Not Available
Vendor-vuejsvuejs
Product-vue_clivue-cli
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-22640
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 79.08%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 00:00
Updated-21 May, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.

Action-Not Available
Vendor-tcpdf_projectn/atcpdf_projectFedora Project
Product-tcpdffedoran/atcpdf
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-22363
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.07%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 00:00
Updated-26 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).

Action-Not Available
Vendor-n/asheetjs
Product-n/acommunity_edition
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-21490
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.18%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 05:00
Updated-17 Jul, 2025 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).

Action-Not Available
Vendor-n/aAngularJS
Product-angular.jsorg.webjars.bower:angularorg.webjars.npm:angularangular
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-12720
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.53%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:11
Updated-01 Aug, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest).

Action-Not Available
Vendor-huggingfacehuggingface
Product-transformershuggingface/transformers
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2015-8854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 76.29%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."

Action-Not Available
Vendor-marked_projectn/aFedora Project
Product-fedoramarkedn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3749
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-8.37% / 91.93%
||
7 Day CHG-0.21%
Published-31 Aug, 2021 | 10:36
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in axios/axios

axios is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-axiosaxiosOracle CorporationSiemens AG
Product-sinec_insgoldengateaxiosaxios/axios
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-3765
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.27%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 07:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in validatorjs/validator.js

validator.js is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-validator_projectvalidatorjs
Product-validatorvalidatorjs/validator.js
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-35065
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.06%
||
7 Day CHG+0.16%
Published-26 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

Action-Not Available
Vendor-gulpjsn/a
Product-glob-parentn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3649
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 13:33
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in chatwoot/chatwoot

chatwoot is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-chatwootchatwoot
Product-chatwootchatwoot/chatwoot
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2018-25049
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3||LOW
EPSS-0.05% / 13.56%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 08:10
Updated-11 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
email-existence index.js redos

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is recommended to apply a patch to fix this issue. VDB-216854 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-email-existence_projectn/a
Product-email-existenceemail-existence
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2018-25110
Matching Score-4
Assigner-Checkmarx
ShareView Details
Matching Score-4
Assigner-Checkmarx
CVSS Score-6.9||MEDIUM
EPSS-0.10% / 27.45%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 14:53
Updated-13 Aug, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS) in markedjs/marked

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.

Action-Not Available
Vendor-marked_project
Product-marked
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-51931
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.54%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:00
Updated-13 Jan, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function.

Action-Not Available
Vendor-alanclarken/aalanclarke
Product-urliten/aurlite
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-33502
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.52%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 15:42
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

Action-Not Available
Vendor-normalize-url_projectn/a
Product-normalize-urln/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-32837
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-4.07% / 88.07%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 00:00
Updated-10 Mar, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mechanize vulnerable to ReDoS

mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.

Action-Not Available
Vendor-python-mechanizeSparkle Motion
Product-mechanizemechanize
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-32821
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.43% / 61.81%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Mar, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression Denial of Service in MooTools

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.

Action-Not Available
Vendor-mootoolsmootools
Product-mootoolsmootools-core
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-32848
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.29%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 00:00
Updated-10 Mar, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Octobox ReDoS vulnerability

Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.

Action-Not Available
Vendor-octobox_projectoctobox
Product-octoboxoctobox
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-48631
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.36%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 13:09
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service of regular expression in package @adobe/css-tools

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

Action-Not Available
Vendor-Adobe Inc.
Product-css-toolsNot a product
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2022-44572
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.98%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-13 Feb, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

Action-Not Available
Vendor-rackn/a
Product-rackhttps://github.com/rack/rack
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-10005
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.05% / 14.07%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 08:05
Updated-11 Apr, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
markdown-it html_re.js redos

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852.

Action-Not Available
Vendor-markdown-it_projectn/a
Product-markdown-itmarkdown-it
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-28092
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 71.99%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 21:31
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.

Action-Not Available
Vendor-is-svg_projectn/a
Product-is-svgn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-45813
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.55% / 67.00%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 20:26
Updated-13 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in TorBot

Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-validators_projecttorbot_projectDedSecInside
Product-torbotvalidatorsTorBot
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found