VYPR

CWE-185

Incorrect Regular Expression

Class · Draft

Description

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-15 · CAPEC-6 · CAPEC-79

CVEs mapped to this weakness (29)

page 2 of 2
  • CVE-2026-25896 · Feb 20, 2026
    risk 0.00 · cvss · epss 0.00

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an…

  • CVE-2026-25479 · Feb 9, 2026
    risk 0.00 · cvss · epss 0.00

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character).…

  • CVE-2026-24398 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.00

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts`…

  • CVE-2025-54365 · Jul 23, 2025
    risk 0.00 · cvss · epss 0.01

    fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch…

  • CVE-2020-36649 · Jan 11, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this…

  • CVE-2021-27293 · Jul 12, 2021
    risk 0.00 · cvss · epss 0.02

    RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an…

  • CVE-2020-2288 · Oct 8, 2020
    risk 0.00 · cvss · epss 0.01

    In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.

  • CVE-2019-14993 · Aug 13, 2019
    risk 0.00 · cvss · epss 0.02

    Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.

  • CVE-2018-20164 · Feb 13, 2019
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long…