VYPR

CWE-1333

Inefficient Regular Expression Complexity

Abstraction: Base
Status: Draft
Likelihood of exploit: High

Description

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-492

CVEs mapped to this weakness (332)

page 14 of 17
  • CVE-2022-39280 (Oct 6, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contains a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been…

  • CVE-2022-21222 (Sep 30, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.

  • CVE-2022-24373 (Sep 30, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the parser of Colors.js.

  • CVE-2022-37259 (Sep 20, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.

  • CVE-2022-37260 (Sep 15, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js.

  • CVE-2022-37262 (Sep 15, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variables in main.js.

  • CVE-2022-40023 (Sep 7, 2022)
    risk 0.00 / cvss (not listed) / epss 0.02

    Sqlalchemy mako before 1.2.2 is vulnerable to Regular Expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

  • CVE-2022-25887 (Aug 30, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in HTML comment removal.

  • CVE-2022-36034 (Aug 29, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds.

  • CVE-2021-43309 (Aug 24, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method.

  • CVE-2022-1930 (Aug 22, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package when an attacker is able to supply arbitrary input to the encode_structured_data method.

  • CVE-2022-35923 (Aug 2, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload…

  • CVE-2022-2596 (Aug 1, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

  • CVE-2022-34749 (Jul 25, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

  • CVE-2022-25858 (Jul 15, 2022)
    risk 0.00 / cvss (not listed) / epss 0.02

    The package terser before 4.8.1, and from 5.0.0 before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

  • CVE-2022-31147 (Jul 14, 2022)
    risk 0.00 / cvss (not listed) / epss 0.02

    The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due…

  • CVE-2022-31781 (Jul 13, 2022)
    risk 0.00 / cvss (not listed) / epss 0.02

    Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the…

  • CVE-2022-31129 (Jul 6, 2022)
    risk 0.00 / cvss (not listed) / epss 0.04

    moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried…

  • CVE-2022-25758 (Jul 1, 2022)
    risk 0.00 / cvss (not listed) / epss 0.02

    All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of an insecure regex.

  • CVE-2022-31110 (Jun 29, 2022)
    risk 0.00 / cvss (not listed) / epss 0.01

    RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417, passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage. This results in an impact on the performance of the servers and RSSHub services…