VYPR

CWE-1333

Inefficient Regular Expression Complexity

Abstraction: Base | Status: Draft | Likelihood: High

Description

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-492

CVEs mapped to this weakness (332)

page 15 of 17
  • CVE-2021-46823 (Jun 18, 2022)
    risk 0.00 | cvss | epss 0.02

    python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker…

  • CVE-2021-40660 (Jun 14, 2022)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack.

  • CVE-2022-1929 (Jun 1, 2022)
    risk 0.00 | cvss | epss 0.01

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method.

  • CVE-2021-43308 (Jun 1, 2022)
    risk 0.00 | cvss | epss 0.01

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function.

  • CVE-2021-43307 (Jun 1, 2022)
    risk 0.00 | cvss | epss 0.01

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method.

  • CVE-2021-43306 (Jun 1, 2022)
    risk 0.00 | cvss | epss 0.01

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.

  • CVE-2022-30973 (May 31, 2022)
    risk 0.00 | cvss | epss 0.02

    We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted…

  • CVE-2022-21195 (May 20, 2022)
    risk 0.00 | cvss | epss 0.01

    All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash.

  • CVE-2022-26650 (May 17, 2022)
    risk 0.00 | cvss | epss 0.02

    In Apache ShenYu, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker to pass in malicious regular expressions and characters…

  • CVE-2022-30126 (May 16, 2022)
    risk 0.00 | cvss | epss 0.03

    In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler,…

  • CVE-2022-29167 (May 5, 2022)
    risk 0.00 | cvss | epss 0.01

    Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression…

  • CVE-2022-25844 (May 1, 2022)
    risk 0.00 | cvss | epss 0.05

    The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This…

  • CVE-2022-24836 (Apr 11, 2022)
    risk 0.00 | cvss | epss 0.04

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`.…

  • CVE-2022-25598 (Mar 30, 2022)
    risk 0.00 | cvss | epss 0.02

    Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks; Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

  • CVE-2022-24713 (Mar 8, 2022)
    risk 0.00 | cvss | epss 0.14

    regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide…

  • CVE-2022-21681 (Jan 14, 2022)
    risk 0.00 | cvss | epss 0.03

    Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of…

  • CVE-2022-21680 (Jan 14, 2022)
    risk 0.00 | cvss | epss 0.03

    Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable…

  • CVE-2022-21670 (Jan 10, 2022)
    risk 0.00 | cvss | epss 0.02

    markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

  • CVE-2021-3842 (Jan 4, 2022)
    risk 0.00 | cvss | epss 0.01

    nltk is vulnerable to Inefficient Regular Expression Complexity.

  • CVE-2021-41817 (Jan 1, 2022)
    risk 0.00 | cvss | epss 0.03

    Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.