VYPR

CWE-1333

Inefficient Regular Expression Complexity

Base | Draft | Likelihood: High

Description

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-492

CVEs mapped to this weakness (332)

page 16 of 17
  • CVE-2021-43838 | Dec 17, 2021
    risk 0.00 | cvss | epss 0.01

    jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `` tag, an internal…

  • CVE-2021-43805 | Dec 7, 2021
    risk 0.00 | cvss | epss 0.01

    Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was…

  • CVE-2021-3765 | Nov 2, 2021
    risk 0.00 | cvss | epss 0.02

    validator.js is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-42836 | Oct 22, 2021
    risk 0.00 | cvss | epss 0.02

    GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

  • CVE-2021-23446 | Sep 29, 2021
    risk 0.00 | cvss | epss 0.03

    The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.

  • CVE-2021-3828 | Sep 27, 2021
    risk 0.00 | cvss | epss 0.02

    nltk is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3822 | Sep 27, 2021
    risk 0.00 | cvss | epss 0.01

    jsoneditor is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3820 | Sep 27, 2021
    risk 0.00 | cvss | epss 0.01

    inflect is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2020-23478 | Sep 22, 2021
    risk 0.00 | cvss | epss 0.01

    Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.

  • CVE-2021-32838 | Sep 20, 2021
    risk 0.00 | cvss | epss 0.02

    Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.

  • CVE-2021-3810 | Sep 17, 2021
    risk 0.00 | cvss | epss 0.01

    code-server is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3804 | Sep 17, 2021
    risk 0.00 | cvss | epss 0.01

    taro is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3803 | Sep 17, 2021
    risk 0.00 | cvss | epss 0.02

    nth-check is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3807 | Sep 17, 2021
    risk 0.00 | cvss | epss 0.03

    ansi-regex is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3795 | Sep 15, 2021
    risk 0.00 | cvss | epss 0.01

    semver-regex is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3794 | Sep 15, 2021
    risk 0.00 | cvss | epss 0.01

    vuelidate is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3749 | Aug 31, 2021
    risk 0.00 | cvss | epss 0.09

    axios is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-32740 | Jul 6, 2021
    risk 0.00 | cvss | epss 0.02

    Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a…

  • CVE-2021-23364 | Apr 28, 2021
    risk 0.00 | cvss | epss 0.02

    The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

  • CVE-2021-26813 | Mar 3, 2021
    risk 0.00 | cvss | epss 0.02

    markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.