CVE-2021-43309: uri-template-lite URI.expand ReDoS | XRAY-211351
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the URI.expand() method.
CVE-2021-43309 | CVSS 5.9
JFrog Severity: medium
Published 3 Aug. 2022 | Last updated 3 Aug. 2022
Exponential ReDoS in uri-template-lite leads to denial of service
Affected package: uri-template-lite
The vulnerable regular expression can be found at /package/index.js: {([#&+./;?]?)((?:[-\w%.]+(\*|:\d+)?,?)+)}
Triggering input: '{0' + '0'.repeat(1000)
No mitigations are supplied for this issue
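The following is an added example and is not code from the advisory or from the uri-template-lite project. It places the advisory's pattern next to an unambiguous rewrite of it (an assumption made for this example, not a published fix), uses the rewrite as a linear-time validator before expansion, and performs the expansion step with a minimal stand-in function rather than the library's URI.expand(). The vulnerable pattern is exercised only on short, well-formed templates; running it on the advisory's triggering input would stall the process.

```javascript
// Added example: compares the advisory's backtracking-prone pattern with an
// unambiguous rewrite and guards template expansion with the rewrite.
// expandStandIn() is a minimal stand-in written for this example, not the
// library's URI.expand().

// Pattern as quoted in the advisory. Inside `(?: ... )+` the run `[-\w%.]+`
// followed by an optional `,?` can be partitioned in 2^n ways, so when the
// closing `}` never arrives the engine tries all of them before failing.
const VULNERABLE_EXPR = /{([#&+./;?]?)((?:[-\w%.]+(\*|:\d+)?,?)+)}/g;

// Assumed rewrite: a comma is mandatory between items, so a body has exactly
// one partition and a failed match backtracks linearly. Group 1 is the
// operator, group 2 the expression body (the per-item modifier group is dropped).
const SAFE_EXPR = /{([#&+./;?]?)((?:[-\w%.]+(?:\*|:\d+)?,)*[-\w%.]+(?:\*|:\d+)?)}/g;

// Returns [operator, body] for every expression the given pattern finds.
function parseExpressions(pattern, template) {
  return Array.from(template.matchAll(pattern), (m) => [m[1], m[2]]);
}

// Linear-time pre-check: every brace must belong to an expression SAFE_EXPR
// accepts, so a dangling `{` (the shape of the advisory's input) is rejected
// without the backtracking-prone pattern ever running.
function isSafeTemplate(template) {
  const leftover = template.replace(SAFE_EXPR, '');
  return !leftover.includes('{') && !leftover.includes('}');
}

// Minimal stand-in expansion (not RFC 6570-complete): `?` builds a query
// string, other operators are prefixed verbatim; values are percent-encoded.
function expandStandIn(template, vars) {
  return template.replace(SAFE_EXPR, (_, op, body) => {
    const items = body.split(',').map((item) => {
      const name = item.replace(/(\*|:\d+)$/, '');
      const value = vars[name] === undefined ? '' : String(vars[name]);
      return [name, encodeURIComponent(value)];
    });
    if (op === '?') return '?' + items.map(([n, v]) => `${n}=${v}`).join('&');
    return op + items.map(([, v]) => v).join(',');
  });
}

// Guarded entry point: refuse templates the validator rejects, then expand.
function expandGuarded(template, vars, expand = expandStandIn) {
  if (!isSafeTemplate(template)) {
    throw new Error('rejected URI template: malformed or unclosed expression');
  }
  return expand(template, vars);
}

// Constructed inputs for demonstration.
const WELL_FORMED = ['/users/{id}', '/repos/{owner}/{repo}{?q,page}', '{/path*}{#frag:4}'];
const REDOS_INPUT = '{0' + '0'.repeat(1000); // the advisory's triggering input

if (typeof require !== 'undefined' && require.main === module) {
  for (const t of WELL_FORMED) {
    const same = JSON.stringify(parseExpressions(VULNERABLE_EXPR, t)) ===
      JSON.stringify(parseExpressions(SAFE_EXPR, t));
    console.log(t, same ? 'same parse' : 'DIFFERENT');
  }
  console.log(expandGuarded('/repos/{owner}/{repo}{?q}', { owner: 'jfrog', repo: 'xray', q: 'a b' }));
  console.log('ReDoS input accepted by guard:', isSafeTemplate(REDOS_INPUT)); // returns immediately
}
```

The rewrite keeps the operator and body captures the advisory's pattern produces on well-formed templates, so the same validator can also be dropped in front of any caller that still has the vulnerable version installed; the guard rejects the unclosed-brace input in linear time instead of letting it reach the exponential match.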