Количество 9
Количество 9
BDU:2024-09421
Уязвимость библиотеки micromatch, связанная с неэффективной сложностью регулярных выражений, позволяющая нарушителю получить вызвать отказ в обслуживании
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
CVE-2024-4067
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular E ...
GHSA-952p-6rrq-rcjv
Regular Expression Denial of Service (ReDoS) in micromatch
ROS-20241029-08
Множественные уязвимости opensearch
SUSE-SU-2024:3771-1
Security update for pgadmin4
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-09421 Уязвимость библиотеки micromatch, связанная с неэффективной сложностью регулярных выражений, позволяющая нарушителю получить вызвать отказ в обслуживании | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
 | CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
 | CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | 0% Низкий | больше 1 года назад | ||
| CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular E ... | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| GHSA-952p-6rrq-rcjv Regular Expression Denial of Service (ReDoS) in micromatch | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | ROS-20241029-08 Множественные уязвимости opensearch | CVSS3: 7.5 | около 1 года назад | |
 | SUSE-SU-2024:3771-1 Security update for pgadmin4 | около 1 года назад |
Уязвимостей на страницу