CWE-400
Uncontrolled Resource Consumption
Description
The product does not properly control the allocation and maintenance of a limited resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-147 · CAPEC-227 · CAPEC-492
CVEs mapped to this weakness (1,853)
page 79 of 93

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-3795 | 0.00 | — | 0.01 | Sep 15, 2021 | semver-regex is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3801 | 0.00 | — | 0.01 | Sep 15, 2021 | prism is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3794 | 0.00 | — | 0.01 | Sep 15, 2021 | vuelidate is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-3777 | 0.00 | — | 0.01 | Sep 15, 2021 | nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-23437 | 0.00 | — | 0.03 | Sep 3, 2021 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. |
| CVE-2021-3749 | 0.00 | — | 0.09 | Aug 31, 2021 | axios is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-39171 | 0.00 | — | 0.01 | Aug 27, 2021 | Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service.… |
| CVE-2021-23429 | 0.00 | — | 0.01 | Aug 24, 2021 | All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function. |
| CVE-2021-23424 | 0.00 | — | 0.02 | Aug 18, 2021 | This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. |
| CVE-2021-23425 | 0.00 | — | 0.02 | Aug 18, 2021 | All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. |
| CVE-2021-23409 | 0.00 | — | 0.02 | Jul 21, 2021 | The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. |
| CVE-2021-32014 | 0.00 | — | 0.01 | Jul 19, 2021 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js. |
| CVE-2021-32013 | 0.00 | — | 0.01 | Jul 19, 2021 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2). |
| CVE-2021-32012 | 0.00 | — | 0.01 | Jul 19, 2021 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2). |
| CVE-2021-36716 | 0.00 | — | 0.01 | Jul 14, 2021 | A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU. |
| CVE-2021-32740 | 0.00 | — | 0.02 | Jul 6, 2021 | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a… |
| CVE-2021-22119 | 0.00 | — | 0.06 | Jun 29, 2021 | Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A… |
| CVE-2021-33503 | 0.00 | — | 0.03 | Jun 29, 2021 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected… |
| CVE-2021-32723 | 0.00 | — | 0.01 | Jun 28, 2021 | Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight.… |
| CVE-2021-32823 | 0.00 | — | 0.02 | Jun 23, 2021 | In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In… |
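Most entries on this page (semver-regex, prism, vuelidate, nodejs-tmpl, ansi-html, trim-off-newlines, is-email, pillow, urllib3) are regular-expression denial of service: a pattern whose failure path backtracks exponentially in the length of attacker-controlled input, so CPU is the limited resource that goes uncontrolled. The JavaScript below is an added example, not code from this page or from any listed package, and it does not reproduce any of those packages' patterns. It uses a constructed word-list validator written with a nested quantifier, the linear-time rewrite that accepts the same language, and an assumed `MAX_INPUT_LENGTH` bound applied before the regex runs; `craftedInput` builds the kind of input that triggers the backtracking.

```javascript
// Added example (not the CWE page's own code, nor from any project listed on it).
// A constructed validator for "words separated by single spaces", written two ways:
// the nested-quantifier form that backtracks exponentially on a crafted input,
// and a linear-time rewrite guarded by an input-length bound.

// Vulnerable: `\w+` inside `( ... )+` with an optional separator lets the engine
// split a run of word characters in 2^(n-1) ways before it can report failure.
const WORDS_VULNERABLE = /^(\w+\s?)+$/;

// Hardened: the same language (one or more words, single spaces between them,
// at most one trailing space) with no ambiguous split, so failure costs O(n).
const WORDS_LINEAR = /^\w+(\s\w+)*\s?$/;

// Defence in depth: bound the work before the regex sees the input. Assumed
// limit for this example; pick one that fits the field being validated.
const MAX_INPUT_LENGTH = 4096;

function validateWordList(input) {
  if (typeof input !== "string" || input.length > MAX_INPUT_LENGTH) {
    return false; // reject oversized or non-string input without running the regex
  }
  return WORDS_LINEAR.test(input);
}

function validateWordListVulnerable(input) {
  return WORDS_VULNERABLE.test(input); // no length bound, nested quantifier
}

// A crafted input: n word characters followed by one character the pattern can
// never accept, so every split of the run is tried before the match fails.
function craftedInput(n) {
  return "a".repeat(n) + "!";
}

// Wall-clock cost of one test() call, in milliseconds.
function measureMs(re, input) {
  const start = process.hrtime.bigint();
  re.test(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Constructed inputs covering accepted and rejected cases; both patterns must
// agree on all of them, otherwise the rewrite silently changed the language.
const SAMPLE_INPUTS = [
  ["abc", true], ["ab cd", true], ["ab cd ", true], ["a b c", true],
  ["", false], [" ab", false], ["ab  cd", false], ["ab,cd", false], ["ab !", false],
];

function patternsAgree() {
  return SAMPLE_INPUTS.every(([s, expected]) =>
    WORDS_VULNERABLE.test(s) === expected && WORDS_LINEAR.test(s) === expected);
}

function demo() {
  console.log("patterns agree on samples:", patternsAgree());
  // Each extra character roughly doubles the vulnerable pattern's failure time.
  for (const n of [12, 16, 20]) {
    console.log(`vulnerable pattern, n=${n}: ${measureMs(WORDS_VULNERABLE, craftedInput(n)).toFixed(2)} ms`);
  }
  console.log(`linear pattern, n=100000: ${measureMs(WORDS_LINEAR, craftedInput(100000)).toFixed(2)} ms`);
  console.log(`linear pattern, 20000 words: ${measureMs(WORDS_LINEAR, "a ".repeat(20000) + "!").toFixed(2)} ms`);
  console.log("oversized input rejected before matching:", validateWordList("a".repeat(5000)) === false);
}

demo();
```

Run it with `node` to watch the vulnerable pattern's time roughly double with each added character while the linear pattern handles 100,000 characters in milliseconds; the sample-input check is what tells you the rewrite did not change what is accepted. The length bound is independent of the pattern and is the control CWE-400 asks for: cap the resource before handing input to code whose cost you cannot bound.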