Common Weakness Enumeration

CWE-185

Allowed-with-Review

Incorrect Regular Expression

Abstraction: Class · Status: Draft

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

70 vulnerabilities reference this CWE, most recent first.

CVE-2020-11034 (GCVE-0-2020-11034)

Vulnerability from cvelistv5 – Published: 2020-05-05 21:20 – Updated: 2024-08-04 11:21
VLAI
Title
bypass of manageRedirect in GLPI
Summary
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
  • CWE-185 - Incorrect Regular Expression
Assigner
References
Impacted products
Vendor Product Version
glpi-project GLPI Affected: < 9.4.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg"
          },
          {
            "name": "FEDORA-2020-ee30e1109f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/"
          },
          {
            "name": "FEDORA-2020-885e2343ed",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GLPI",
          "vendor": "glpi-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.4.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-15T04:06:22.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg"
        },
        {
          "name": "FEDORA-2020-ee30e1109f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/"
        },
        {
          "name": "FEDORA-2020-885e2343ed",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/"
        }
      ],
      "source": {
        "advisory": "GHSA-gxv6-xq9q-37hg",
        "discovery": "UNKNOWN"
      },
      "title": "bypass of manageRedirect in GLPI",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11034",
          "STATE": "PUBLIC",
          "TITLE": "bypass of manageRedirect in GLPI"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GLPI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 9.4.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "glpi-project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-185: Incorrect Regular Expression"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg",
              "refsource": "CONFIRM",
              "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg"
            },
            {
              "name": "FEDORA-2020-ee30e1109f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/"
            },
            {
              "name": "FEDORA-2020-885e2343ed",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-gxv6-xq9q-37hg",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11034",
    "datePublished": "2020-05-05T21:20:12.000Z",
    "dateReserved": "2020-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:21:14.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7929 (GCVE-0-2020-7929)

Vulnerability from cvelistv5 – Published: 2021-03-01 16:05 – Updated: 2024-09-16 19:46
VLAI
Title
Specially crafted regex query can cause DoS
Summary
A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
References
Impacted products
Vendor Product Version
MongoDB Inc. MongoDB Server Affected: 3.6 , < 3.6.21 (custom)
Affected: 4.0 , < 4.0.20 (custom)
Create a notification for this product.
mongodb mongodb Affected: 3.6 , < 3.6.21 (custom)
Affected: 4.0 , < 4.0.20 (custom)
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2021-02-26 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:24.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-51083"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mongodb",
            "vendor": "mongodb",
            "versions": [
              {
                "lessThan": "3.6.21",
                "status": "affected",
                "version": "3.6",
                "versionType": "custom"
              },
              {
                "lessThan": "4.0.20",
                "status": "affected",
                "version": "4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-7929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-23T18:12:01.677275Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T17:22:54.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc.",
          "versions": [
            {
              "lessThan": "3.6.21",
              "status": "affected",
              "version": "3.6",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.20",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.\u003c/p\u003e"
            }
          ],
          "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185 Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T15:49:00.951Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.mongodb.org/browse/SERVER-51083"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Specially crafted regex query can cause DoS",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@mongodb.com",
          "DATE_PUBLIC": "2021-02-26T17:00:00.000Z",
          "ID": "CVE-2020-7929",
          "STATE": "PUBLIC",
          "TITLE": "Specially crafted regex query can cause DoS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MongoDB Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.6",
                            "version_value": "3.6.21"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.0",
                            "version_value": "4.0.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "MongoDB Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-185 Incorrect Regular Expression"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.mongodb.org/browse/SERVER-51083",
              "refsource": "MISC",
              "url": "https://jira.mongodb.org/browse/SERVER-51083"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2020-7929",
    "datePublished": "2021-03-01T16:05:17.498Z",
    "dateReserved": "2020-01-23T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:46:52.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7016 (GCVE-0-2020-7016)

Vulnerability from cvelistv5 – Published: 2020-07-27 18:00 – Updated: 2024-08-04 09:18
VLAI
Summary
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
Severity
No CVSS data available.
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
Impacted products
Vendor Product Version
Elastic Kibana Affected: before 6.8.11 and 7.8.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.elastic.co/community/security/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kibana",
          "vendor": "Elastic",
          "versions": [
            {
              "status": "affected",
              "version": "before 6.8.11 and 7.8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:55:24.000Z",
        "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "shortName": "elastic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.elastic.co/community/security/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@elastic.co",
          "ID": "CVE-2020-7016",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kibana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 6.8.11 and 7.8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Elastic"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-185: Incorrect Regular Expression"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.elastic.co/community/security/",
              "refsource": "MISC",
              "url": "https://www.elastic.co/community/security/"
            },
            {
              "name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786",
              "refsource": "MISC",
              "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
    "assignerShortName": "elastic",
    "cveId": "CVE-2020-7016",
    "datePublished": "2020-07-27T18:00:15.000Z",
    "dateReserved": "2020-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:18:03.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3408 (GCVE-0-2020-3408)

Vulnerability from cvelistv5 – Published: 2020-09-24 18:01 – Updated: 2024-11-13 17:55
VLAI
Title
Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
Summary
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco IOS Affected: n/a
Create a notification for this product.
Date Public
2020-09-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:58.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200924 Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3408",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:12:38.800639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:55:19.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-09-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T18:01:59.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200924 Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW"
        }
      ],
      "source": {
        "advisory": "cisco-sa-splitdns-SPWqpdGW",
        "defect": [
          [
            "CSCvt78186"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-09-24T16:00:00",
          "ID": "CVE-2020-3408",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-185"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200924 Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-splitdns-SPWqpdGW",
          "defect": [
            [
              "CSCvt78186"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3408",
    "datePublished": "2020-09-24T18:01:59.804Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-13T17:55:19.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1741 (GCVE-0-2020-1741)

Vulnerability from cvelistv5 – Published: 2020-04-24 18:34 – Updated: 2024-08-04 06:46
VLAI
Summary
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.
CWE
Assigner
References
Impacted products
Vendor Product Version
Red Hat openshift-ansible Affected: openshift-ansible-3.11
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openshift-ansible",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "openshift-ansible-3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user\u0027s browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-24T18:34:07.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-1741",
    "datePublished": "2020-04-24T18:34:07.000Z",
    "dateReserved": "2019-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T06:46:30.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7158 (GCVE-0-2018-7158)

Vulnerability from cvelistv5 – Published: 2018-05-17 14:00 – Updated: 2024-09-16 16:48
VLAI
Summary
The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.
Severity
No CVSS data available.
CWE
  • CWE-185 - Incorrect Regular Expression
Assigner
References
Impacted products
Date Public
2018-03-21 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:10.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Node.js",
          "vendor": "The Node.js Project",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        }
      ],
      "datePublic": "2018-03-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The `\u0027path\u0027` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `\u0027path\u0027` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185: Incorrect Regular Expression",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-17T13:57:01.000Z",
        "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
        "shortName": "nodejs"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-request@iojs.org",
          "DATE_PUBLIC": "2018-03-21T00:00:00",
          "ID": "CVE-2018-7158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Node.js",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Node.js Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The `\u0027path\u0027` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `\u0027path\u0027` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-185: Incorrect Regular Expression"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
    "assignerShortName": "nodejs",
    "cveId": "CVE-2018-7158",
    "datePublished": "2018-05-17T14:00:00.000Z",
    "dateReserved": "2018-02-15T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:48:51.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1109 (GCVE-0-2018-1109)

Vulnerability from cvelistv5 – Published: 2021-03-30 01:52 – Updated: 2025-12-01 14:18
VLAI
Summary
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a nodejs-braces Affected: 2.2.0 , < 2.3.1 (semver)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/npm:braces:20180219"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nodejs-braces",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "2.3.1",
              "status": "affected",
              "version": "2.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-185",
              "description": "CWE-185-\u003eCWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T14:18:10.499Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/npm:braces:20180219"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "nodejs-braces",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "braces 2.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-185-\u003eCWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
            },
            {
              "name": "https://snyk.io/vuln/npm:braces:20180219",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/npm:braces:20180219"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1109",
    "datePublished": "2021-03-30T01:52:55.000Z",
    "dateReserved": "2017-12-04T00:00:00.000Z",
    "dateUpdated": "2025-12-01T14:18:10.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-2F9X-5V75-3QV4

Vulnerability from github – Published: 2019-01-04 17:50 – Updated: 2024-11-18 16:26
VLAI
Summary
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Details

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0"
            },
            {
              "fixed": "2.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11"
            },
            {
              "fixed": "1.11.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8"
            },
            {
              "fixed": "1.8.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-7537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-185"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:51:51Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator\u0027s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",
  "id": "GHSA-2f9x-5v75-3qv4",
  "modified": "2024-11-18T16:26:06Z",
  "published": "2019-01-04T17:50:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7537"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2927"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0265"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-2f9x-5v75-3qv4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/django/django"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3591-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4161"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters"
}

GHSA-2M39-62FM-Q8R3

Vulnerability from github – Published: 2018-08-15 13:22 – Updated: 2023-01-31 01:55
VLAI
Summary
Regular Expression Denial of Service in sshpk
Details

Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.

Recommendation

Update to version 1.13.2, 1.14.1 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sshpk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-3737"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-185",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:52:29Z",
    "nvd_published_at": "2018-06-07T02:29:00Z",
    "severity": "HIGH"
  },
  "details": "Versions of `sshpk` before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.\n\n\n## Recommendation\n\nUpdate to version 1.13.2, 1.14.1 or later.",
  "id": "GHSA-2m39-62fm-q8r3",
  "modified": "2023-01-31T01:55:03Z",
  "published": "2018-08-15T13:22:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3737"
    },
    {
      "type": "WEB",
      "url": "https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/319593"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-2m39-62fm-q8r3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.js#L17"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/606"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Regular Expression Denial of Service in sshpk"
}

GHSA-473R-XGJ8-7XQQ

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2022-05-24 16:44
VLAI
Details

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-185",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-21T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.",
  "id": "GHSA-473r-xgj8-7xqq",
  "modified": "2022-05-24T16:44:02Z",
  "published": "2022-05-24T16:44:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11387"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359"
    },
    {
      "type": "WEB",
      "url": "https://coreruleset.org/20190627/announcement-owasp-modsecurity-core-rule-set-version-3-1-1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.1/dev/CHANGES"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-45
Implementation

Strategy: Refactoring

Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-6: Argument Injection

An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.

CAPEC-79: Using Slashes in Alternate Encoding

This attack targets the encoding of the Slash characters. An adversary would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the adversary many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.