Count: 9
GHSA-952p-6rrq-rcjv
Regular Expression Denial of Service (ReDoS) in micromatch

CVE-2024-4067
The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.

CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.

CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.

CVE-2024-4067
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular E ...

BDU:2024-09421
Vulnerability in the micromatch library related to inefficient regular expression complexity, allowing an attacker to cause a denial of service

ROS-20241029-08
Multiple vulnerabilities in opensearch

SUSE-SU-2024:3771-1
Security update for pgadmin4
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-952p-6rrq-rcjv Regular Expression Denial of Service (ReDoS) in micromatch | CVSS3: 5.3 | 0% Low | about 1 year ago |
CVE-2024-4067 The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. | CVSS3: 5.3 | 0% Low | about 1 year ago |
CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. | CVSS3: 7.5 | 0% Low | more than 1 year ago |
CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. | CVSS3: 5.3 | 0% Low | about 1 year ago |
CVE-2024-4067 | | 0% Low | about 1 year ago |
CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular E ... | CVSS3: 5.3 | 0% Low | about 1 year ago |
BDU:2024-09421 Vulnerability in the micromatch library related to inefficient regular expression complexity, allowing an attacker to cause a denial of service | CVSS3: 5.3 | 0% Low | more than 1 year ago |
ROS-20241029-08 Multiple vulnerabilities in opensearch | CVSS3: 7.5 | | 8 months ago |
SUSE-SU-2024:3771-1 Security update for pgadmin4 | | | 8 months ago |