CWE-1333
Inefficient Regular Expression Complexity
Description
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-492
CVEs mapped to this weakness (332)
Page 16 of 17

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-43838 | 0.00 | — | 0.01 | Dec 17, 2021 | jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `` tag, an internal… |
| CVE-2021-43805 | 0.00 | — | 0.01 | Dec 7, 2021 | Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was… |
| CVE-2021-3765 | 0.00 | — | 0.02 | Nov 2, 2021 | validator.js is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-42836 | 0.00 | — | 0.02 | Oct 22, 2021 | GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. |
| CVE-2021-23446 | 0.00 | — | 0.03 | Sep 29, 2021 | The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. |
| CVE-2021-3828 | 0.00 | — | 0.02 | Sep 27, 2021 | nltk is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3822 | 0.00 | — | 0.01 | Sep 27, 2021 | jsoneditor is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3820 | 0.00 | — | 0.01 | Sep 27, 2021 | inflect is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2020-23478 | 0.00 | — | 0.01 | Sep 22, 2021 | Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. |
| CVE-2021-32838 | 0.00 | — | 0.02 | Sep 20, 2021 | Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1. |
| CVE-2021-3810 | 0.00 | — | 0.01 | Sep 17, 2021 | code-server is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3804 | 0.00 | — | 0.01 | Sep 17, 2021 | taro is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3803 | 0.00 | — | 0.02 | Sep 17, 2021 | nth-check is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3807 | 0.00 | — | 0.03 | Sep 17, 2021 | ansi-regex is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3795 | 0.00 | — | 0.01 | Sep 15, 2021 | semver-regex is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3794 | 0.00 | — | 0.01 | Sep 15, 2021 | vuelidate is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3749 | 0.00 | — | 0.09 | Aug 31, 2021 | axios is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-32740 | 0.00 | — | 0.02 | Jul 6, 2021 | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a… |
| CVE-2021-23364 | 0.00 | — | 0.02 | Apr 28, 2021 | The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. |
| CVE-2021-26813 | 0.00 | — | 0.02 | Mar 3, 2021 | markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. |