VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood of Exploit: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 79 of 93

  • CVE-2021-3795 (Sep 15, 2021) · risk 0.00 · cvss · epss 0.01
    semver-regex is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3801 (Sep 15, 2021) · risk 0.00 · cvss · epss 0.01
    prism is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3794 (Sep 15, 2021) · risk 0.00 · cvss · epss 0.01
    vuelidate is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3777 (Sep 15, 2021) · risk 0.00 · cvss · epss 0.01
    nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-23437 (Sep 3, 2021) · risk 0.00 · cvss · epss 0.03
    The package pillow, from 5.2.0 and before 8.3.2, is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

  • CVE-2021-3749 (Aug 31, 2021) · risk 0.00 · cvss · epss 0.09
    axios is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-39171 (Aug 27, 2021) · risk 0.00 · cvss · epss 0.01
    Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service.…

  • CVE-2021-23429 (Aug 24, 2021) · risk 0.00 · cvss · epss 0.01
    All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.

  • CVE-2021-23424 (Aug 18, 2021) · risk 0.00 · cvss · epss 0.02
    This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.

  • CVE-2021-23425 (Aug 18, 2021) · risk 0.00 · cvss · epss 0.02
    All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.

  • CVE-2021-23409 (Jul 21, 2021) · risk 0.00 · cvss · epss 0.02
    The package github.com/pires/go-proxyproto before 0.6.0 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.

  • CVE-2021-32014 (Jul 19, 2021) · risk 0.00 · cvss · epss 0.01
    SheetJS and SheetJS Pro through 0.16.9 allow attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.

  • CVE-2021-32013 (Jul 19, 2021) · risk 0.00 · cvss · epss 0.01
    SheetJS and SheetJS Pro through 0.16.9 allow attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2).

  • CVE-2021-32012 (Jul 19, 2021) · risk 0.00 · cvss · epss 0.01
    SheetJS and SheetJS Pro through 0.16.9 allow attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).

  • CVE-2021-36716 (Jul 14, 2021) · risk 0.00 · cvss · epss 0.01
    A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.

  • CVE-2021-32740 (Jul 6, 2021) · risk 0.00 · cvss · epss 0.02
    Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a…

  • CVE-2021-22119 (Jun 29, 2021) · risk 0.00 · cvss · epss 0.06
    Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A…

  • CVE-2021-33503 (Jun 29, 2021) · risk 0.00 · cvss · epss 0.03
    An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected…

  • CVE-2021-32723 (Jun 28, 2021) · risk 0.00 · cvss · epss 0.01
    Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very long time to highlight.…

  • CVE-2021-32823 (Jun 23, 2021) · risk 0.00 · cvss · epss 0.02
    In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In…