VYPR

CWE-1333

Inefficient Regular Expression Complexity

Abstraction: Base | Status: Draft | Likelihood: High

Description

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-492

CVEs mapped to this weakness (332)

page 10 of 17
  • CVE-2021-4437 (Feb 12, 2024)
    risk 0.00 cvss, epss 0.00

    A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type…

  • CVE-2024-21490 (Feb 10, 2024)
    risk 0.00 cvss, epss 0.02

    This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause…

  • CVE-2024-23732 (Jan 21, 2024)
    risk 0.00 cvss, epss 0.01

    The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.

  • CVE-2023-50249 (Dec 20, 2023)
    risk 0.00 cvss, epss 0.01

    Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on…

  • CVE-2023-48631 (Dec 14, 2023)
    risk 0.00 cvss, epss 0.01

    @adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

  • CVE-2023-26364 (Nov 17, 2023)
    risk 0.00 cvss, epss 0.01

    @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.

  • CVE-2023-46402 (Nov 17, 2023)
    risk 0.00 cvss, epss 0.01

    git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.

  • CVE-2023-39619 (Oct 24, 2023)
    risk 0.00 cvss, epss 0.01

    ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.

  • CVE-2023-45813 (Oct 18, 2023)
    risk 0.00 cvss, epss 0.01

    Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link` function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause…

  • CVE-2023-4316 (Sep 28, 2023)
    risk 0.00 cvss, epss 0.01

    Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails.

  • CVE-2023-43646 (Sep 26, 2023)
    risk 0.00 cvss, epss 0.01

    get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious…

  • CVE-2023-39663 (Aug 29, 2023)
    risk 0.00 cvss, epss 0.01

    Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there…

  • CVE-2023-36543 (Jul 12, 2023)
    risk 0.00 cvss, epss 0.01

    Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected.

  • CVE-2023-36053 (Jul 3, 2023)
    risk 0.00 cvss, epss 0.03

    In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

  • CVE-2023-36617 (Jun 29, 2023)
    risk 0.00 cvss, epss 0.02

    A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this…

  • CVE-2023-26115 (Jun 22, 2023)
    risk 0.00 cvss, epss 0.02

    All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

  • CVE-2022-25883 (Jun 21, 2023)
    risk 0.00 cvss, epss 0.03

    Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

  • CVE-2023-33289 (Jun 21, 2023)
    risk 0.00 cvss, epss 0.01

    The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."

  • CVE-2023-33290 (Jun 12, 2023)
    risk 0.00 cvss, epss 0.01

    The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).

  • CVE-2023-34104 (Jun 6, 2023)
    risk 0.00 cvss, epss 0.01

    fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can…