VYPR

CWE-1333

Inefficient Regular Expression Complexity

Abstraction: Base
Status: Draft
Likelihood of exploit: High

Description

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
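Added example (my code, not from the CWE entry or from any of the projects listed below) showing what that description means in practice, in JavaScript because most of the mapped CVEs are npm packages. It puts a nested-quantifier pattern next to a linear rewrite, a left-unanchored trailing-whitespace trim next to a plain loop, and a small "star height" check of the kind static linters use to flag `(a+)+`-shaped patterns. Every pattern and input here is constructed for illustration; the statement that lodash's trim used a `/\s+$/`-shaped pattern is my assumption, since the page only names the affected functions.

```javascript
'use strict';

// Conservative static check: true when an unbounded quantifier (* + {n,m}) is
// applied to a group that itself contains an unbounded quantifier, e.g. (a+)+.
// That is the exponential "star height >= 2" shape. It does NOT catch the
// polynomial cases (overlapping alternations, or an unanchored \s+$ below), so
// read "false" as "not proven bad", never as "safe".
function hasNestedQuantifier(source) {
  const stack = [{ q: false }];   // one frame per open group; root at the bottom
  let i = 0;
  let afterGroup = false;         // previous token was a closing ')'
  let closedHadQ = false;         // ...and that group contained a quantifier
  while (i < source.length) {
    const c = source[i];
    if (c === '\\') { i += 2; afterGroup = false; continue; }          // escape
    if (c === '[') {                                                    // class
      i++;
      while (i < source.length && source[i] !== ']') i += source[i] === '\\' ? 2 : 1;
      i++; afterGroup = false; continue;
    }
    if (c === '(') {
      stack.push({ q: false });
      i++;
      if (source[i] === '?') {                 // (?:  (?=  (?!  (?<=  (?<name>
        while (i < source.length && !':=!>'.includes(source[i])) i++;
        i++;
      }
      afterGroup = false; continue;
    }
    if (c === ')') {
      const frame = stack.pop();
      closedHadQ = frame.q;
      if (frame.q) stack[stack.length - 1].q = true;  // parent now contains one too
      afterGroup = true; i++; continue;
    }
    if (c === '*' || c === '+' || c === '{') {
      if (c === '{') { while (i < source.length && source[i] !== '}') i++; }
      if (afterGroup && closedHadQ) return true;      // quantified group with a quantifier inside
      stack[stack.length - 1].q = true;
      i++;
      if (source[i] === '?') i++;                      // lazy modifier, not a quantifier
      afterGroup = false; continue;
    }
    afterGroup = false; i++;
  }
  return false;
}

// Pair 1 (exponential): on "aaaa...!" the engine tries every way of splitting the
// run of a's between the inner and outer +, about 2^(n-1) of them, before failing.
const EXP_BAD = /^(a+)+$/;
const EXP_GOOD = /^a+$/;                // same language, one way to match

// Pair 2, a realistic validator: words separated by single spaces, optional
// trailing space. (\w+\s?)* is nested. The rewrite consumes exactly one character
// per iteration and enforces "no two consecutive spaces" with a lookahead, so
// there is never more than one way to match a prefix.
const WORDS_BAD = /^(\w+\s?)*$/;
const WORDS_GOOD = /^(?!\s)(?:\w|\s(?!\s))*$/;

// Trailing-whitespace trim: /\s+$/ has no left anchor, so on "x" + n spaces + "y"
// each of the n start positions scans the whole run of spaces before failing at
// "y": O(n^2). (Assumed to be the shape behind lodash's trim in CVE-2020-28500.)
function trimEndQuadratic(s) { return s.replace(/\s+$/, ''); }
function trimEndLinear(s) {             // walk back from the end: O(n), no regex engine
  let end = s.length;
  while (end > 0 && /\s/.test(s[end - 1])) end--;
  return s.slice(0, end);
}

// Wall-clock milliseconds for one call; crude, but enough to see the growth rate.
function timeMs(fn) {
  const t0 = process.hrtime.bigint();
  fn();
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

function demo() {
  for (const n of [14, 16, 18, 20]) {
    const s = 'a'.repeat(n) + '!';      // constructed attack input: can never match
    console.log(`n=${n}  (a+)+$: ${timeMs(() => EXP_BAD.test(s)).toFixed(1)} ms`
      + `  a+$: ${timeMs(() => EXP_GOOD.test(s)).toFixed(3)} ms`);
  }
  const t = 'x' + ' '.repeat(10000) + 'y';   // constructed: long run of spaces, then a non-space
  console.log(`\\s+$ quadratic: ${timeMs(() => trimEndQuadratic(t)).toFixed(1)} ms,`
    + ` loop: ${timeMs(() => trimEndLinear(t)).toFixed(1)} ms`);
  for (const re of [EXP_BAD, WORDS_BAD, WORDS_GOOD, /\s+$/]) {
    console.log(`${re.source}: nested quantifier? ${hasNestedQuantifier(re.source)}`);
  }
}
if (typeof require !== 'undefined' && require.main === module) demo();
```

Run it with `node`: the `(a+)+$` time roughly doubles with every extra `a` while `a+$` stays flat, and the trim pair shows the quadratic cost of a left-unanchored `\s+$` on a long whitespace run. The static check flags `(a+)+` and `(\w+\s?)*` but, as it says, returns false for `\s+$` and for overlapping alternations like the uap-core case, so a linter-style check is a first filter only; the real test is feeding each user-facing regex a non-matching input of a few tens of kilobytes and watching the clock.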

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-492

CVEs mapped to this weakness (332)

Page 17 of 17 (oldest entries)
  • CVE-2021-21317 (Feb 16, 2021)
    risk 0.00, no CVSS listed, EPSS 0.03

    uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows…

  • CVE-2020-28500 (Feb 15, 2021)
    risk 0.00, no CVSS listed, EPSS 0.07

    Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

  • CVE-2021-26271 (Jan 26, 2021)
    risk 0.00, no CVSS listed, EPSS 0.02

    It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

  • CVE-2020-28280 (Dec 29, 2020)
    risk 0.00, no CVSS listed, EPSS 0.03

    Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.

  • CVE-2020-5243 (Feb 20, 2020)
    risk 0.00, no CVSS listed, EPSS 0.02

    uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by…

  • CVE-2019-16555 (Dec 17, 2019)
    risk 0.00, no CVSS listed, EPSS 0.01

    A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.

  • CVE-2019-12041 (May 13, 2019)
    risk 0.00, no CVSS listed, EPSS 0.01

    lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.

  • CVE-2018-20801 (Mar 14, 2019)
    risk 0.00, no CVSS listed, EPSS 0.03

    In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.

  • CVE-2017-18077 (High, Jan 27, 2018)
    risk 0.00, CVSS 7.5, EPSS 0.03

    index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

  • CVE-2015-5145 (Jul 14, 2015)
    risk 0.00, no CVSS listed, EPSS 0.03

    validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

  • CVE-2009-3695 (Oct 13, 2009)
    risk 0.00, no CVSS listed, EPSS 0.04

    Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of…

  • CVE-2009-1190 (Apr 27, 2009)
    risk 0.00, no CVSS listed, EPSS 0.03

    Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows…