VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 68 of 93
  • CVE-2018-1107 · Medium · Mar 30, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

  • CVE-2021-23362 · Medium · Mar 23, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.04

    The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

  • CVE-2021-23354 · Medium · Mar 12, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic…

  • CVE-2021-21328 · Medium · Feb 26, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will…

  • CVE-2021-21317 · Medium · Feb 16, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.03

    uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (ReDoS) due to overlapping capture groups. This allows…

  • CVE-2020-28500 · Medium · Feb 15, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.07

    Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

  • CVE-2021-21306 · Medium · Feb 8, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked.…

  • CVE-2020-28493 · Medium · Feb 1, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.04

    This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be…

  • CVE-2021-21252 · Medium · Jan 13, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.04

    The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of…

  • CVE-2020-7761 · Medium · Nov 5, 2020
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    This affects the package @absolunet/kafe before 3.2.10. It allows causing a denial of service when validating crafted invalid emails.

  • CVE-2020-7760 · Medium · Oct 30, 2020
    risk 0.28 · CVSS 5.3 · EPSS 0.05

    This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.j…

  • CVE-2016-11067 · Medium · Jun 19, 2020
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.

  • CVE-2020-8552 · Medium · Mar 27, 2020
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

  • CVE-2016-7068 · Medium · Sep 11, 2018
    risk 0.28 · CVSS 5.3 · EPSS 0.07

    An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial…

  • CVE-2016-7072 · Medium · Sep 10, 2018
    risk 0.28 · CVSS 5.3 · EPSS 0.06

    An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers…

  • CVE-2016-8611 · Medium · Jul 31, 2018
    risk 0.28 · CVSS 4.3 · EPSS 0.02

    A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.

  • CVE-2017-16137 · Medium · Jun 7, 2018
    risk 0.28 · CVSS 5.3 · EPSS 0.03

    The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low-severity issue.

  • CVE-2016-8627 · Medium · May 11, 2018
    risk 0.28 · CVSS 4.3 · EPSS 0.03

    admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files…

  • CVE-2016-7428 · Medium · Jan 13, 2017
    risk 0.28 · CVSS 4.3 · EPSS 0.04

    ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

  • CVE-2016-7427 · Medium · Jan 13, 2017
    risk 0.28 · CVSS 4.3 · EPSS 0.04

    The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.