Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-40901

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Jun, 2022 | 11:38
Updated At-04 Aug, 2024 | 02:51
Rejected At-
Credits

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Jun, 2022 | 11:38
Updated At:04 Aug, 2024 | 02:51
Rejected At:
▼CVE Numbering Authority (CNA)

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/yetingli/SaveResults/blob/main/js/scniro-validator.js
x_refsource_MISC
Hyperlink: https://github.com/yetingli/SaveResults/blob/main/js/scniro-validator.js
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/yetingli/SaveResults/blob/main/js/scniro-validator.js
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/yetingli/SaveResults/blob/main/js/scniro-validator.js
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Jun, 2022 | 13:15
Updated At:08 Aug, 2023 | 14:22

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
scniro-validator_project
scniro-validator_project
>>scniro-validator>>1.0.1
cpe:2.3:a:scniro-validator_project:scniro-validator:1.0.1:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-1333Primarynvd@nist.gov
CWE ID: CWE-1333
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/yetingli/SaveResults/blob/main/js/scniro-validator.jscve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/yetingli/SaveResults/blob/main/js/scniro-validator.js
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

220Records found
CVE-2021-45470
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.35%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 20:32
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts.

Action-Not Available
Vendor-circln/a
Product-cve-searchn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-5552
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.93%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 18:09
Updated-23 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ReDoS in kubeflow/kubeflow

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion, and service disruption.

Action-Not Available
Vendor-kubeflowkubeflowkubeflow
Product-kubeflowkubeflow/kubeflowkubeflow
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-50574
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.52%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 12:55
Updated-29 Oct, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-49761
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-1.20% / 78.09%
||
7 Day CHG+0.18%
Published-28 Oct, 2024 | 14:10
Updated-21 Mar, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
REXML ReDoS vulnerability

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

Action-Not Available
Vendor-NetApp, Inc.Ruby
Product-rexmlontap_toolsrubyrexmlrexml
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-43838
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.62%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 18:20
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS) in jsx-slack

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible.

Action-Not Available
Vendor-jsx-slack_projectyhatt
Product-jsx-slackjsx-slack
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-43306
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-5.9||MEDIUM
EPSS-1.00% / 76.08%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 16:47
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exponential ReDoS in jquery-validation

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

Action-Not Available
Vendor-jqueryvalidationjquery-validation
Product-jquery_validationjquery-validation
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-43308
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 32.59%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 16:47
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exponential ReDoS in markdown-link-extractor

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function

Action-Not Available
Vendor-markdown-link-extractor_projectmarkdown-link-extractor
Product-markdown-link-extractormarkdown-link-extractor
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-43307
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-5.9||MEDIUM
EPSS-2.16% / 83.60%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 16:47
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exponential ReDoS in semver-regex

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method

Action-Not Available
Vendor-semver-regex_projectsemver-regex
Product-semver-regexsemver-regex
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-43309
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 54.18%
||
7 Day CHG+0.23%
Published-24 Aug, 2022 | 15:48
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ReDoS in uri-template-lite URI.expand function

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method

Action-Not Available
Vendor-litejsuri-template-lite
Product-uri-template-liteuri-template-lite
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-4306
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-07 Jan, 2023 | 16:29
Updated-03 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cronvel terminal-kit redos

A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620.

Action-Not Available
Vendor-terminal-kit_projectcronvel
Product-terminal-kitterminal-kit
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-4299
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 07:57
Updated-03 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cronvel string-kit naturalSort.js naturalSort redos

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The name of the patch is 9cac4c298ee92c1695b0695951f1488884a7ca73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217180.

Action-Not Available
Vendor-string_kit_projectcronvel
Product-string_kitstring-kit
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-46242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.63%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 00:00
Updated-07 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40897
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 10:00
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls.

Action-Not Available
Vendor-split-html-to-chars_projectn/a
Product-split-html-to-charsn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40899
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 10:58
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.

Action-Not Available
Vendor-repo-git-downloader_projectn/a
Product-repo-git-downloadern/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40895
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 09:36
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements.

Action-Not Available
Vendor-todo-regex_projectn/a
Product-todo-regexn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40900
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 11:33
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.

Action-Not Available
Vendor-regexfn_projectn/a
Product-regexfnn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-41817
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.20%
||
7 Day CHG~0.00%
Published-01 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxRubySUSEopenSUSERed Hat, Inc.
Product-debian_linuxfactorysoftware_collectionslinux_enterprisefedoraenterprise_linuxrubydateleapn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 10:34
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files.

Action-Not Available
Vendor-scaffold-helper_projectn/a
Product-scaffold-helpern/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40892
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 13:29
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings.

Action-Not Available
Vendor-validate_color_projectn/a
Product-validate_colorn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40893
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 16:12
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails.

Action-Not Available
Vendor-validate_data_projectn/a
Product-validate_datan/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40894
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 21:09
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.

Action-Not Available
Vendor-underscore-99xp_projectn/a
Product-underscore-99xpn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-45296
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.33%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 19:07
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
path-to-regexp outputs backtracking regular expressions

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.

Action-Not Available
Vendor-pillarjspillarjs
Product-path-to-regexppath-to-regexp
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-40896
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 09:48
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails.

Action-Not Available
Vendor-that-value_projectn/a
Product-that-valuen/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3828
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.85%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in nltk/nltk

nltk is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-nltknltk
Product-nltknltk/nltk
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-697
Incorrect Comparison
CVE-2024-41766
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 14:37
Updated-21 Mar, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Publishing denial of service

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelengineering_lifecycle_optimization_publishingwindowsEngineering Lifecycle Optimization Publishing
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-41818
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.04%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 15:56
Updated-11 Oct, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ReDOS at currency parsing fast-xml-parser

fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.

Action-Not Available
Vendor-fast-xml-parser_projectNaturalIntelligencenaturalintelligence
Product-fast-xml-parserfast-xml-parserfast_xml_parser
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3820
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in pksunkara/inflect

inflect is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-inflect_projectpksunkara
Product-inflectpksunkara/inflect
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3810
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.91%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 06:15
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in cdr/code-server

code-server is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-codercdr
Product-code-servercdr/code-server
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3803
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.86%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in fb55/nth-check

nth-check is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-nth-check_projectfb55Debian GNU/Linux
Product-debian_linuxnth-checkfb55/nth-check
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3749
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-8.37% / 91.93%
||
7 Day CHG-0.21%
Published-31 Aug, 2021 | 10:36
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in axios/axios

axios is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-axiosaxiosOracle CorporationSiemens AG
Product-sinec_insgoldengateaxiosaxios/axios
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-3777
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.91%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 07:15
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in daaku/nodejs-tmpl

nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-tmpl_projectdaaku
Product-tmpldaaku/nodejs-tmpl
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3804
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.91%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 06:15
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in nervjs/taro

taro is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-taronervjs
Product-taronervjs/taro
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3807
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.21% / 44.09%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in chalk/ansi-regex

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-ansi-regex_projectchalkOracle Corporation
Product-ansi-regexcommunications_cloud_native_core_policychalk/ansi-regex
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-4056
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.87%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 06:02
Updated-27 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service condition in M-Files Server

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.

Action-Not Available
Vendor-M-Files Oy
Product-M-Files Serverm-files_server
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-4148
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.52%
||
7 Day CHG~0.00%
Published-01 Jun, 2024 | 15:54
Updated-30 Jan, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Redos (Regular Expression Denial of Service) in lunary-ai/lunary

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.

Action-Not Available
Vendor-Lunary LLC
Product-lunarylunary-ai/lunarylunary
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-39249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.09%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 00:00
Updated-26 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.

Action-Not Available
Vendor-n/aasync_project
Product-n/aasync
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3649
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 13:33
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in chatwoot/chatwoot

chatwoot is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-chatwootchatwoot
Product-chatwootchatwoot/chatwoot
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-35065
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

Action-Not Available
Vendor-gulpjsn/a
Product-glob-parentn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-32848
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 00:00
Updated-10 Mar, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Octobox ReDoS vulnerability

Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.

Action-Not Available
Vendor-octobox_projectoctobox
Product-octoboxoctobox
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-32837
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-4.07% / 88.07%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 00:00
Updated-10 Mar, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mechanize vulnerable to ReDoS

mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.

Action-Not Available
Vendor-python-mechanizeSparkle Motion
Product-mechanizemechanize
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-33502
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.53%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 15:42
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

Action-Not Available
Vendor-normalize-url_projectn/a
Product-normalize-urln/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-32821
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.43% / 61.82%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Mar, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression Denial of Service in MooTools

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.

Action-Not Available
Vendor-mootoolsmootools
Product-mootoolsmootools-core
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-28092
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.01%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 21:31
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.

Action-Not Available
Vendor-is-svg_projectn/a
Product-is-svgn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-26813
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.05%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 15:17
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.

Action-Not Available
Vendor-markdown2_projectn/aFedora Project
Product-markdown2fedoran/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-28716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.75% / 85.43%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-02 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.

Action-Not Available
Vendor-n/aOpenStack
Product-n/asolum-yoga-eom
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-2829
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-4.51% / 88.69%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 11:02
Updated-22 May, 2025 | 04:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-26146
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 67.70%
||
7 Day CHG+0.05%
Published-28 Feb, 2024 | 23:28
Updated-14 Feb, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible Denial of Service Vulnerability in Rack Header Parsing

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.

Action-Not Available
Vendor-rackrackrack_projectDebian GNU/Linux
Product-debian_linuxrackrackrack
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-25126
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.02%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 23:28
Updated-14 Feb, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rack ReDos in content type parsing (2nd degree polynomial)

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.

Action-Not Available
Vendor-rackrackrack_projectDebian GNU/Linux
Product-debian_linuxrackrackrack
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-25885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.17%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 00:00
Updated-10 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.

Action-Not Available
Vendor-n/axhtml2pdf
Product-n/axhtml2pdf
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-23732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.07%
||
7 Day CHG~0.00%
Published-21 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.

Action-Not Available
Vendor-embedchainn/a
Product-embedchainn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found